<<< Date Index >>>     <<< Thread Index >>>

AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage



              Asterisk Project Security Advisory - AST-2007-021

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Crash from invalid/corrupted MIME bodies when     |
   |                    | using voicemail with IMAP storage                 |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Crash                                             |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 23, 2007                                   |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Kevin Stewart                                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | August 24, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 24, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson <mmichelson@xxxxxxxxxx>            |
   |--------------------+---------------------------------------------------|
   |      CVE Name      |CVE-2007-4521                                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | If Asterisk is configured to use IMAP as its backend     |
   |             | storage for voicemail, then an e-mail sent to a user     |
   |             | with an invalid/corrupted MIME body will cause Asterisk  |
   |             | to crash when the user listens to their voicemail using  |
   |             | the phone.                                               |
   |             |                                                          |
   |             | This does not affect any other voicemail storage option, |
   |             | nor does it affect users who check their voicemail via   |
   |             | e-mail when using IMAP storage.                          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Since this is a minor issue, a new release is not         |
   |            | immediately planned. However, the issue will be fixed in  |
   |            | Asterisk Open Source version 1.4.12 when it is released.  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product             |   Release   |                         |
   |                                |   Series    |                         |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.0.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.2.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.4.x    | Versions 1.4.5 - 1.4.11 |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    A.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    B.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |          AsteriskNOW           | pre-release | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |  Asterisk Appliance Developer  |    0.x.x    | Not Affected            |
   |              Kit               |             |                         |
   |--------------------------------+-------------+-------------------------|
   |   s800i (Asterisk Appliance)   |    1.0.x    | Not Affectted           |
   +------------------------------------------------------------------------+

+-----------------------------------------------------------------------------------+
|                                   Corrected In                                
    |
|-----------------------------------------------------------------------------------|
|Product |                                 Release                              
    |
|--------+--------------------------------------------------------------------------|
|Asterisk|             1.4.12 (not released), patch can be found here:          
    |
|  Open  
|http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html|
| Source |                                                                      
    |
|--------+--------------------------------------------------------------------------|
|--------+--------------------------------------------------------------------------|
+-----------------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |      Links       | http://bugs.digium.com/view.php?id=10544            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/AST-2007-021.pdf and               |
   | http://downloads.digium.com/pub/asa/AST-2007-021.html.                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |         Date         |       Editor        |      Revisions Made       |
   |----------------------+---------------------+---------------------------|
   | August 24, 2007      | Mark Michelson      | Initial Release           |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-021
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.