T.38 asterisk 1.6.1.12 Remote Crash Vulnerability

2010.02.06
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Asterisk Project Security Advisory - AST-2010-001 +----------------------------------------------------------------------- -+ | Product | Asterisk | |----------------------+------------------------------------------------ -| | Summary | T.38 Remote Crash Vulnerability | |----------------------+------------------------------------------------ -| | Nature of Advisory | Denial of Service | |----------------------+------------------------------------------------ -| | Susceptibility | Remote unauthenticated sessions | |----------------------+------------------------------------------------ -| | Severity | Critical | |----------------------+------------------------------------------------ -| | Exploits Known | No | |----------------------+------------------------------------------------ -| | Reported On | 12/03/09 | |----------------------+------------------------------------------------ -| | Reported By | issues.asterisk.org users bklang and elsto | |----------------------+------------------------------------------------ -| | Posted On | 02/03/10 | |----------------------+------------------------------------------------ -| | Last Updated On | February 2, 2010 | |----------------------+------------------------------------------------ -| | Advisory Contact | David Vossel < dvossel AT digium DOT com > | |----------------------+------------------------------------------------ -| | CVE Name | CVE-2010-0441 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Description | An attacker attempting to negotiate T.38 over SIP can | | | remotely crash Asterisk by modifying the FaxMaxDatagram | | | field of the SDP to contain either a negative or | | | exceptionally large value. The same crash occurs when | | | the FaxMaxDatagram field is omitted from the SDP as | | | well. | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Resolution | Upgrade to one of the versions of Asterisk listed in the | | | "Corrected In" section, or apply a patch specified in the | | | "Patches" section. | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Affected Versions | |----------------------------------------------------------------------- -| | Product | Release Series | | |----------------------------------+----------------+------------------- -| | Asterisk Open Source | 1.6.x | All versions | |----------------------------------+----------------+------------------- -| | Asterisk Business Edition | C.3 | All versions | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Corrected In | |----------------------------------------------------------------------- -| | Product | Release | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.0.22 | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.1.14 | |------------------------------------------+---------------------------- -| | Asterisk Open Source | 1.6.2.2 | |------------------------------------------+---------------------------- -| | | C.3.3.2 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- --+ | Patches | |----------------------------------------------------------------------- --| | SVN URL |Branch| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff|v1.6 .0| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff|v1.6 .1| |------------------------------------------------------------------+---- --| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff|v1.6 .2| +----------------------------------------------------------------------- --+ +----------------------------------------------------------------------- -+ | Links | https://issues.asterisk.org/view.php?id=16634 | | | | | | https://issues.asterisk.org/view.php?id=16724 | | | | | | https://issues.asterisk.org/view.php?id=16517 | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/.pdf and | | http://downloads.digium.com/pub/security/.html | +----------------------------------------------------------------------- -+ +----------------------------------------------------------------------- -+ | Revision History | |----------------------------------------------------------------------- -| | Date | Editor | Revisions Made | |----------------+----------------------+------------------------------- -| | 02/02/10 | David Vossel | Initial release | +----------------------------------------------------------------------- -+ Asterisk Project Security Advisory - AST-2010-001 Copyright (c) 2010 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.

References:

http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff
https://issues.asterisk.org/view.php?id=16724
https://issues.asterisk.org/view.php?id=16634
https://issues.asterisk.org/view.php?id=16517
http://www.vupen.com/english/advisories/2010/0289
http://www.securityfocus.com/bid/38047
http://www.securityfocus.com/archive/1/archive/1/509327/100/0/threaded
http://securitytracker.com/id?1023532
http://secunia.com/advisories/38395
http://downloads.asterisk.org/pub/security/AST-2010-001.html
http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top