Asterisk Project Security Advisory - AST-2008-008
+-------------------------------------------------------------------------------+
| Product            | Asterisk                                                 |
|--------------------+----------------------------------------------------------|
| Summary            | Remote Crash Vulnerability in SIP channel driver        |
|                    | when run in pedantic mode                                |
|--------------------+----------------------------------------------------------|
| Nature of Advisory | Denial of Service                                        |
|--------------------+----------------------------------------------------------|
| Susceptibility     | Remote Unauthenticated Sessions                          |
|--------------------+----------------------------------------------------------|
| Severity           | Critical                                                 |
|--------------------+----------------------------------------------------------|
| Exploits Known     | No                                                       |
|--------------------+----------------------------------------------------------|
| Reported On        | May 8, 2008                                              |
|--------------------+----------------------------------------------------------|
| Reported By        | Hooi Ng (bugs.digium.com user hooi)                      |
|--------------------+----------------------------------------------------------|
| Posted On          | May 8, 2008                                              |
|--------------------+----------------------------------------------------------|
| Last Updated On    | June 3, 2008                                             |
|--------------------+----------------------------------------------------------|
| Advisory Contact   | Joshua Colp <[email protected]>                           |
|--------------------+----------------------------------------------------------|
| CVE Name           | CVE-2008-2119                                            |
+-------------------------------------------------------------------------------+
+-------------------------------------------------------------------------------+
| Description        | During pedantic SIP processing the From header value is  |
|                    | passed to ast_uri_decode to be decoded. In two places it |
|                    | is passed without first being checked to be non-NULL,    |
|                    | so a request whose From value is NULL crashes Asterisk.  |
+-------------------------------------------------------------------------------+
+-------------------------------------------------------------------------------+
| Resolution         | The From header value is now copied into a buffer before |
|                    | being passed to ast_uri_decode when pedantic checking is |
|                    | enabled, and in the other instance the value is checked  |
|                    | to be non-NULL before it is passed.                      |
+-------------------------------------------------------------------------------+
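The two code shapes the Description and Resolution refer to, as an added example in C; this is not Asterisk's code. It models a SIP request split into lines, a header lookup that returns NULL when the From header is absent, an in-place percent-decoder modeled on the behaviour of ast_uri_decode, and the unchecked call beside the corrected one, which tests for NULL and decodes a private copy. The names sip_request, parse_request, find_header, uri_decode, pedantic_from_unchecked, pedantic_from_checked and decode_from, and the two sample INVITE messages, are this example's own assumptions rather than anything from chan_sip.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct sip_request {
    char buf[1024];          /* raw text, NUL-split into lines in place by parse_request */
    char *line[32];          /* line[0] is the request line, the rest headers */
    int nlines;
};

/* Split the CRLF-terminated header section of raw into lines. */
int parse_request(struct sip_request *req, const char *raw)
{
    char *p, *eol;
    if (strlen(raw) >= sizeof req->buf)
        return -1;
    strcpy(req->buf, raw);
    req->nlines = 0;
    for (p = req->buf; (eol = strstr(p, "\r\n")) && eol != p && req->nlines < 32; p = eol + 2) {
        *eol = '\0';
        req->line[req->nlines++] = p;
    }
    return 0;
}

/* Value of header `name` with leading blanks skipped, or NULL when absent. */
char *find_header(struct sip_request *req, const char *name)
{
    size_t n = strlen(name);
    for (int i = 1; i < req->nlines; i++) {
        char *v = req->line[i];
        if (strncasecmp(v, name, n) != 0 || v[n] != ':')
            continue;
        v += n + 1;
        while (*v == ' ' || *v == '\t') v++;
        return v;
    }
    return NULL;
}

/* In-place %XX decoding modeled on ast_uri_decode: writes through s, so never hand it NULL. */
void uri_decode(char *s)
{
    char *o;
    unsigned int tmp;
    for (o = s; *s; s++, o++) {
        if (*s == '%' && isxdigit((unsigned char)s[1]) && isxdigit((unsigned char)s[2]) &&
            sscanf(s + 1, "%2x", &tmp) == 1) {
            *o = (char)tmp;
            s += 2;          /* the loop increment consumes the last digit */
        } else
            *o = *s;
    }
    *o = '\0';
}

/* Unchecked shape from the advisory: a missing From yields NULL and uri_decode writes through it. */
char *pedantic_from_unchecked(struct sip_request *req, int pedantic)
{
    char *of = find_header(req, "From");
    if (pedantic)
        uri_decode(of);      /* NULL dereference when the request has no From header */
    return of;
}

/* Corrected shape: refuse a missing From, decode a private copy. 0 on success, -1 if absent/oversized. */
int pedantic_from_checked(struct sip_request *req, int pedantic, char *out, size_t outlen)
{
    const char *of = find_header(req, "From");
    if (!of || strlen(of) >= outlen)
        return -1;
    strcpy(out, of);         /* the message buffer itself is left untouched */
    if (pedantic)
        uri_decode(out);
    return 0;
}

/* Constructed sample messages, not captured traffic. */
const char REQ_WITH_FROM[] =
    "INVITE sip:bob@example.com SIP/2.0\r\n"
    "From: \"Alice%20Smith\" <sip:alice%40example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.com>\r\n\r\n";
const char REQ_NO_FROM[] =
    "INVITE sip:bob@example.com SIP/2.0\r\nTo: <sip:bob@example.com>\r\n\r\n";
static char last_from[256];

/* Parse raw and take the checked path: NULL if rejected, else the From value. */
const char *decode_from(const char *raw, int pedantic)
{
    struct sip_request req;
    if (parse_request(&req, raw) < 0 ||
        pedantic_from_checked(&req, pedantic, last_from, sizeof last_from) < 0)
        return NULL;
    return last_from;
}

int main(void)
{
    const char *f = decode_from(REQ_WITH_FROM, 1);
    printf("with From: %s\n", f ? f : "(rejected)");
    printf("without From: %s\n", decode_from(REQ_NO_FROM, 1) ? "decoded" : "rejected");
    return 0;        /* pedantic_from_unchecked() on REQ_NO_FROM would crash instead */
}
```

With pedantic set, REQ_WITH_FROM decodes to "Alice Smith" <sip:alice@example.com>;tag=1928301774, while REQ_NO_FROM is rejected at the point where the unchecked form dereferences NULL. Decoding the copy rather than the original also matters because the decoder shortens its argument in place; anything else still holding a pointer into the message buffer would otherwise see the rewritten bytes.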
+----------------------------------------------------------------------+
| Affected Versions                                                    |
|-------------------------------+-----------+--------------------------|
| Product                       |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Open Source          |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Open Source          |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Open Source          |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Business Edition     |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Business Edition     |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Business Edition     |           |                          |
|-------------------------------+-----------+--------------------------|
| AsteriskNOW                   |           |                          |
|-------------------------------+-----------+--------------------------|
| Asterisk Appliance Developer  |           |                          |
| Kit                           |           |                          |
|-------------------------------+-----------+--------------------------|
| s800i (Asterisk Appliance)    |           |                          |
+----------------------------------------------------------------------+
+-----------------------------------------------------------------------+
| Corrected In                                                          |
|---------------+-------------------------------------------------------|
| Product       |                                                       |
|---------------+-------------------------------------------------------|
| Asterisk Open |                                                       |
| Source        |                                                       |
|---------------+-------------------------------------------------------|
| Asterisk      |                                                       |
| Business      |                                                       |
| Edition       |                                                       |
+-----------------------------------------------------------------------+
+-------------------------------------------------------------------------------+
| Links              | http://bugs.digium.com/view.php?id=12607                 |
+-------------------------------------------------------------------------------+
+-------------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                            |
| http://www.asterisk.org/security                                              |
|                                                                               |
| This document may be superseded by later versions; if so, the latest          |
| version will be posted at                                                     |
| http://downloads.digium.com/pub/security/AST-2008-008.pdf and                 |
| http://downloads.digium.com/pub/security/AST-2008-008.html                    |
+-------------------------------------------------------------------------------+
+----------------------------------------------------------------------+
| Revision History                                                     |
|------------------+-------------------+-------------------------------|
| Date             |                   |                               |
|------------------+-------------------+-------------------------------|
| 2008-06-03       |                   |                               |
+----------------------------------------------------------------------+
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.