Remote crash vulnerability in IAX2

2008.12.19
Risk: Low
Local: No
Remote: Yes
CWE: CWE-287


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Asterisk Project Security Advisory - AST-2008-012

Product:            Asterisk
Summary:            Remote crash vulnerability in IAX2
Nature of Advisory: Remote Crash
Susceptibility:     Remote Unauthenticated Sessions
Severity:           Major
Exploits Known:     No
Reported On:        November 22, 2008
Reported By:        Jon Leren Schøpzinsky
Posted On:
Last Updated On:    December 9, 2008
Advisory Contact:   Mark Michelson <mmichelson AT digium DOT com>
CVE Name:

Description

There is a possibility to remotely crash an Asterisk server if the server is configured to use realtime IAX2 users. The issue occurs if either an unknown user attempts to authenticate or if a user that uses hostname matching attempts to authenticate.

The problem was due to a broken function call to Asterisk's realtime configuration API.

Resolution

The function calls in question have been fixed.

Affected Versions

Product                      | Release Series | Affected
-----------------------------+----------------+------------------
Asterisk Open Source         | 1.2.x          | 1.2.26-1.2.30.3
Asterisk Open Source         | 1.4.x          | Unaffected
Asterisk Open Source         | 1.6.x          | Unaffected
Asterisk Addons              | 1.2.x          | Unaffected
Asterisk Addons              | 1.4.x          | Unaffected
Asterisk Addons              | 1.6.x          | Unaffected
Asterisk Business Edition    | A.x.x          | Unaffected
Asterisk Business Edition    | B.x.x          | B.2.3.5-B.2.5.5
Asterisk Business Edition    | C.x.x          | Unaffected
AsteriskNOW                  | 1.5            | Unaffected
s800i (Asterisk Appliance)   | 1.2.x          | Unaffected

Corrected In

Product                      | Release
-----------------------------+------------
Asterisk Open Source         | 1.2.30.4
Asterisk Business Edition    | B.2.5.6

Links

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2008-012.pdf and http://downloads.digium.com/pub/security/AST-2008-012.html

Revision History

Date               | Editor          | Revisions Made
-------------------+-----------------+-------------------------------
November 23, 2008  | Mark Michelson  | Initial draft
December 9, 2008   | Mark Michelson  | Added "Corrected In" versions

Asterisk Project Security Advisory - AST-2008-012
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
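An added example, not part of the advisory or of the Asterisk code base: a Python check that compares an installed release against the affected ranges from the tables above and tests whether extconfig.conf maps the iaxusers family to a realtime backend, which is the precondition the description names. The extconfig.conf family name `iaxusers` and its `name => driver,database` syntax are assumptions, and the sample configuration is constructed.

```python
import re

# Ranges copied from the advisory's "Affected Versions" table (inclusive).
AFFECTED = {
    "Asterisk Open Source": [("1.2.26", "1.2.30.3")],
    "Asterisk Business Edition": [("B.2.3.5", "B.2.5.5")],
}

def parse_version(v):
    """'1.2.30.3' -> ('', [1, 2, 30, 3]); 'B.2.5.5' -> ('B', [2, 5, 5]).
    The Business Edition series letter is kept so A/B/C never compare equal."""
    parts = v.strip().split(".")
    series = parts[0] if parts[0].isalpha() else ""
    return series, [int(p) for p in parts if p.isdigit()]

def in_range(version, low, high):
    """Inclusive comparison; shorter tuples are zero-padded so 1.2.30 == 1.2.30.0."""
    s, n = parse_version(version)
    ls, ln = parse_version(low)
    hs, hn = parse_version(high)
    if not (s == ls == hs):
        return False
    width = max(len(n), len(ln), len(hn))
    pad = lambda x: x + [0] * (width - len(x))
    return pad(ln) <= pad(n) <= pad(hn)

def version_affected(product, version):
    return any(in_range(version, lo, hi) for lo, hi in AFFECTED.get(product, []))

def realtime_iax_users(extconfig_text):
    """True if extconfig.conf maps the 'iaxusers' family to a realtime backend.
    Assumption: the family name 'iaxusers' and 'family => driver,db' line syntax."""
    for line in extconfig_text.splitlines():
        line = line.split(";", 1)[0].strip()          # drop ';' comments
        m = re.match(r"^(\w+)\s*=>\s*(\S+)", line)
        if m and m.group(1) == "iaxusers":
            return True
    return False

def exposed(product, version, extconfig_text):
    """Advisory precondition: an affected release AND realtime IAX2 users in use."""
    return version_affected(product, version) and realtime_iax_users(extconfig_text)

# Constructed sample extconfig.conf (not taken from the advisory).
SAMPLE_EXTCONFIG = """
[settings]
; iaxusers => odbc,asterisk      (commented out, so not active)
iaxusers => odbc,asterisk,iax_users
sippeers => odbc,asterisk
"""
```

Hosts where `exposed` returns True should be moved to the "Corrected In" releases (1.2.30.4 or B.2.5.6); an unaffected version or a non-realtime iaxusers mapping already satisfies the advisory.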

References:

http://www.frsirt.com/english/advisories/2008/3403
http://www.securitytracker.com/id?1021378
http://www.securityfocus.com/bid/32773
http://www.securityfocus.com/archive/1/archive/1/499117/100/0/threaded
http://secunia.com/advisories/32956
http://osvdb.org/50675
http://downloads.digium.com/pub/security/AST-2008-012.html


Copyright 2024, cxsecurity.com