AST-2008-012: Remote crash vulnerability in IAX2
Asterisk Project Security Advisory - AST-2008-012
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | Remote crash vulnerability in IAX2 |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Remote Crash |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|----------------------+-------------------------------------------------|
| Severity | Major |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | November 22, 2008 |
|----------------------+-------------------------------------------------|
| Reported By |Jon Leren Scho/pzinsky |
|----------------------+-------------------------------------------------|
| Posted On | |
|----------------------+-------------------------------------------------|
| Last Updated On | December 9, 2008 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | There is a possibility to remotely crash an Asterisk |
| | server if the server is configured to use realtime IAX2 |
| | users. The issue occurs if either an unknown user |
| | attempts to authenticate or if a user that uses hostname |
| | matching attempts to authenticate. |
| | |
| | The problem was due to a broken function call to |
| | Asterisk's realtime configuration API. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | The function calls in question have been fixed. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|---------------------------------+----------------+---------------------|
| Asterisk Open Source | 1.2.x | 1.2.26-1.2.30.3 |
|---------------------------------+----------------+---------------------|
| Asterisk Open Source | 1.4.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Open Source | 1.6.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Addons | 1.2.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Addons | 1.4.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Addons | 1.6.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Business Edition | A.x.x | Unaffected |
|---------------------------------+----------------+---------------------|
| Asterisk Business Edition | B.x.x | B.2.3.5-B.2.5.5 |
|---------------------------------+----------------+---------------------|
| Asterisk Business Edition | C.x.x | Unaffected |
|---------------------------------+----------------+---------------------|
| AsteriskNOW | 1.5 | Unaffected |
|---------------------------------+----------------+---------------------|
| s800i (Asterisk Appliance) | 1.2.x | Unaffected |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|--------------------------------------------+---------------------------|
| Asterisk Open Source | 1.2.30.4 |
|--------------------------------------------+---------------------------|
| Asterisk Business Edition | B.2.5.6 |
|--------------------------------------------+---------------------------|
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2008-012.pdf and |
| http://downloads.digium.com/pub/security/AST-2008-012.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|--------------------+-----------------+---------------------------------|
| November 23, 2008 | Mark Michelson | Initial draft |
|--------------------+-----------------+---------------------------------|
| December 9, 2008 | Mark Michelson | Added "Corrected In" versions |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2008-012
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.