Asterisk Project Security Advisory - AST-2008-012 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | Remote crash vulnerability in IAX2 | |----------------------+-------------------------------------------------| | Nature of Advisory | Remote Crash | |----------------------+-------------------------------------------------| | Susceptibility | Remote Unauthenticated Sessions | |----------------------+-------------------------------------------------| | Severity | Major | |----------------------+-------------------------------------------------| | Exploits Known | No | |----------------------+-------------------------------------------------| | Reported On | November 22, 2008 | |----------------------+-------------------------------------------------| | Reported By |Jon Leren Scho/pzinsky | |----------------------+-------------------------------------------------| | Posted On | | |----------------------+-------------------------------------------------| | Last Updated On | December 9, 2008 | |----------------------+-------------------------------------------------| | Advisory Contact | Mark Michelson <mmichelson AT digium DOT com> | |----------------------+-------------------------------------------------| | CVE Name | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | There is a possibility to remotely crash an Asterisk | | | server if the server is configured to use realtime IAX2 | | | users. The issue occurs if either an unknown user | | | attempts to authenticate or if a user that uses hostname | | | matching attempts to authenticate. | | | | | | The problem was due to a broken function call to | | | Asterisk's realtime configuration API. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | The function calls in question have been fixed. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release Series | | |---------------------------------+----------------+---------------------| | Asterisk Open Source | 1.2.x | 1.2.26-1.2.30.3 | |---------------------------------+----------------+---------------------| | Asterisk Open Source | 1.4.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Open Source | 1.6.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Addons | 1.2.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Addons | 1.4.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Addons | 1.6.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Business Edition | A.x.x | Unaffected | |---------------------------------+----------------+---------------------| | Asterisk Business Edition | B.x.x | B.2.3.5-B.2.5.5 | |---------------------------------+----------------+---------------------| | Asterisk Business Edition | C.x.x | Unaffected | |---------------------------------+----------------+---------------------| | AsteriskNOW | 1.5 | Unaffected | |---------------------------------+----------------+---------------------| | s800i (Asterisk Appliance) | 1.2.x | Unaffected | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |--------------------------------------------+---------------------------| | Asterisk Open Source | 1.2.30.4 | |--------------------------------------------+---------------------------| | Asterisk Business Edition | B.2.5.6 | |--------------------------------------------+---------------------------| +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/AST-2008-012.pdf and | | http://downloads.digium.com/pub/security/AST-2008-012.html | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |--------------------+-----------------+---------------------------------| | November 23, 2008 | Mark Michelson | Initial draft | |--------------------+-----------------+---------------------------------| | December 9, 2008 | Mark Michelson | Added "Corrected In" versions | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - AST-2008-012 Copyright (c) 2008 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.