Asterisk Project Security Advisory - AST-2010-001 +----------------------------------------------------------------------- -+ | Product | Asterisk | |----------------------+------------------------------------------------ -| | Summary | T.38 Remote Crash Vulnerability | |----------------------+------------------------------------------------ -| | Nature of Advisory | Denial of Service | |----------------------+------------------------------------------------ -| | Susceptibility | Remote unauthenticated sessions | |----------------------+------------------------------------------------ -| | Severity | Critical | |----------------------+------------------------------------------------ -| | Exploits Known | No | |----------------------+------------------------------------------------ -| | Reported On | 12/03/09 | |----------------------+------------------------------------------------ -| | Reported By | issues.asterisk.org users bklang and elsto | |----------------------+------------------------------------------------ -| | Posted On | 02/03/10 | |----------------------+------------------------------------------------ -| | Last Updated On | February 2, 2010 | |----------------------+------------------------------------------------ -| | Advisory Contact | David Vossel < dvossel AT digium DOT com > | |----------------------+------------------------------------------------ -| | CVE Name | CVE-2010-0441 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Description | An attacker attempting to negotiate T.38 over SIP can | | | remotely crash Asterisk by modifying the FaxMaxDatagram | | | field of the SDP to contain either a negative or | | | exceptionally large value. The same crash occurs when | | | the FaxMaxDatagram field is omitted from the SDP as | | | well. | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Resolution | Upgrade to one of the versions of Asterisk listed in the | | | "Corrected In" section, or apply a patch specified in the | | | "Patches" section. | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Affected Versions | |----------------------------------------------------------------------- -| | Product | Release Series | | |----------------------------------+----------------+------------------- -| | Asterisk Open Source | 1.6.x | All versions | |----------------------------------+----------------+------------------- -| | Asterisk Business Edition | C.3 | All versions | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Corrected In | |----------------------------------------------------------------------- -| | Product | Release | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.0.22 | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.1.14 | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.2.2 | |------------------------------------------+---------------------------- -| | | C.3.3.2 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- --+ | Patches | |----------------------------------------------------------------------- --| | SVN URL |Branch| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff|v1.6 .0| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff|v1.6 .1| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff|v1.6 .2| +----------------------------------------------------------------------- --+ +----------------------------------------------------------------------- -+ | Links | https://issues.asterisk.org/view.php?id=16634 | | | | | | https://issues.asterisk.org/view.php?id=16724 | | | | | | https://issues.asterisk.org/view.php?id=16517 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/.pdf and | | http://downloads.digium.com/pub/security/.html | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Revision History | |----------------------------------------------------------------------- -| | Date | Editor | Revisions Made | |----------------+----------------------+------------------------------- -| | 02/02/10 | David Vossel | Initial release | +----------------------------------------------------------------------- -+ Asterisk Project Security Advisory - AST-2010-001 Copyright (c) 2010 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.