Asterisk Project Security Advisory - AST-2008-004
ยฑ-----------------------------------------------------------------------+
| Product | Asterisk |
|--------------------ยฑ--------------------------------------------------|
| Summary | Format String Vulnerability in Logger and Manager |
|--------------------ยฑ--------------------------------------------------|
| Nature of Advisory | Denial of Service |
|--------------------ยฑ--------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------ยฑ--------------------------------------------------|
| Severity | Moderate |
|--------------------ยฑ--------------------------------------------------|
| Exploits Known | No |
|--------------------ยฑ--------------------------------------------------|
| Reported On | March 13, 2008 |
|--------------------ยฑ--------------------------------------------------|
| Reported By | Steve Davies (bugs.digium.com user stevedavies) |
| | |
| | Brandon Kruse (bugs.digium.com user bkruse) |
|--------------------ยฑ--------------------------------------------------|
| Posted On | March 18, 2008 |
|--------------------ยฑ--------------------------------------------------|
| Last Updated On | March 18, 2008 |
|--------------------ยฑ--------------------------------------------------|
| Advisory Contact | Joshua Colp <[email protected]> |
|--------------------ยฑ--------------------------------------------------|
| CVE Name | CVE-2008-1333 |
ยฑ-----------------------------------------------------------------------+
ยฑ-----------------------------------------------------------------------+
| Description | Logging messages displayed using the ast_verbose logging |
| | API call are not displayed as a character string, they |
| | are displayed as a format string. |
| | |
| | Output as a result of the Manager command "command" is |
| | not appended to the resulting response message as a |
| | character string, it is appended as a format string. |
| | |
| | It is possible in both instances for an attacker to |
| | provide a formatted string as a value for input which |
| | can cause a crash. |
ยฑ-----------------------------------------------------------------------+
ยฑ-----------------------------------------------------------------------+
| Resolution | Input given to both the ast_verbose logging API call and |
| | astman_append function is now interpreted as a character |
| | string and not as a format string. |
ยฑ-----------------------------------------------------------------------+
ยฑ-----------------------------------------------------------------------+
Affected Versions |
---|
Product |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Open Source |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Open Source |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Open Source |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Open Source |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Business Edition |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Business Edition |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Business Edition |
----------------------------ยฑ--------ยฑ-------------------------------- |
AsteriskNOW |
----------------------------ยฑ--------ยฑ-------------------------------- |
Asterisk Appliance |
Developer Kit |
----------------------------ยฑ--------ยฑ-------------------------------- |
s800i (Asterisk Appliance) |
ยฑ-----------------------------------------------------------------------+ |
ยฑ-----------------------------------------------------------------------+
Corrected In |
---|
Product |
---------------ยฑ------------------------------------------------------- |
Asterisk Open |
Source |
ยฑ-----------------------------------------------------------------------+ |
ยฑ-----------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=12205 |
| | |
| | http://bugs.digium.com/view.php?id=12206 |
ยฑ-----------------------------------------------------------------------+
ยฑ-----------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2008-004.pdf and |
| http://downloads.digium.com/pub/security/AST-2008-004.html |
ยฑ-----------------------------------------------------------------------+
ยฑ-----------------------------------------------------------------------+
Revision History |
---|
Date |
------------------ยฑ-------------------ยฑ------------------------------- |
2008-03-18 |
ยฑ-----------------------------------------------------------------------+ |
Asterisk Project Security Advisory - AST-2008-004
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.