AST-2007-024 - Fallacious security advisory spread on the Internet involving buffer overflow in Zaptel's sethdlc application
Asterisk Project Security Advisory - AST-2007-024
+------------------------------------------------------------------------+
| Product | Zaptel |
|--------------------+---------------------------------------------------|
| Summary | Potential buffer overflow from command line |
| | application "sethdlc" |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Buffer overflow |
|--------------------+---------------------------------------------------|
| Susceptibility | Local sessions |
|--------------------+---------------------------------------------------|
| Severity | None |
|--------------------+---------------------------------------------------|
| Exploits Known | None |
|--------------------+---------------------------------------------------|
| Reported On | October 31, 2007 |
|--------------------+---------------------------------------------------|
| Reported By | Michael Bucko <michael DOT bucko AT eleytt DOT |
| | com> |
|--------------------+---------------------------------------------------|
| Posted On | October 31, 2007 |
|--------------------+---------------------------------------------------|
| Last Updated On | November 1, 2007 |
|--------------------+---------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2007-5690 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | This advisory is a response to a false security |
| | vulnerability published in several places on the |
| | Internet. Had Asterisk's developers been notified prior |
| | to its publication, there would be no need for this. |
| | |
| | There is a potential for a buffer overflow in the |
| | sethdlc application; however, running this application |
| | requires root access to the server, which means that |
| | exploiting this vulnerability gains the attacker no more |
| | advantage than what he already has. As such, this is a |
| | bug, not a security vulnerability. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | The copy of the user-provided argument to the buffer has |
| | been limited to the length of the buffer. This fix has |
| | been committed to the Zaptel 1.2 and 1.4 repositories, |
| | but due to the lack of severity, new releases will not be |
| | immediately made. |
| | |
| | While we appreciate this programming error being brought |
| | to our attention, we would encourage security researchers |
| | to contact us prior to releasing any reports of their |
| | own, both so that we can fix any vulnerability found |
| | prior to the release of an announcement, as well as |
| | avoiding these types of mistakes (and the potential |
| | embarrassment of reporting a vulnerability that wasn't) |
| | in the future. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-----------------+----------------+-------------------------------------|
| Zaptel | 1.2.x | All versions prior to 1.2.22 |
|-----------------+----------------+-------------------------------------|
| Zaptel | 1.4.x | All versions prior to 1.4.7 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|----------------------------+-------------------------------------------|
| Zaptel | 1.2.22, when available |
|----------------------------+-------------------------------------------|
| Zaptel | 1.4.7, when available |
|----------------------------+-------------------------------------------|
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
|Links |http://archives.neohapsis.com/archives/bugtraq/2007-10/0316.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security. |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2007-024.pdf and |
| http://downloads.digium.com/pub/security/AST-2007-024.html. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|------------+----------------+------------------------------------------|
| 10/31/2007 | Mark Michelson | Initial release |
|------------+----------------+------------------------------------------|
| 10/31/2007 | Mark Michelson | Changed severity, description, and |
| | | resolution |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2007-024
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.