AusCERT - ESB-2006.0947 -- [Linux][BSD][Solaris] -- Buffer Overflow in OpenSER

HOME
About AusCERT
Membership
PKI Services
Training
Publications
Sec. Bulletins
Conferences
News & Media
Services
Web Log
Site Map
Site Help
Member login
ESB-2006.0947 -- [Linux][BSD][Solaris] -- Buffer Overflow in OpenSER
Date: 27 December 2006

Click here for printable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                  ESB-2006.0947 -- [Linux][BSD][Solaris]
                        Buffer Overflow in OpenSER
                             27 December 2006

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              OpenSER
Publisher:            OpenPKG
Operating System:     Linux variants
                      BSD variants
                      Solaris
Impact:               Execute Arbitrary Code/Commands
Access:               Existing Account

Comment: This advisory references vulnerabilities in products which run on
         multiple platforms. It is recommended that administrators
         running OpenSER check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____________________________________________________________________________

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2006.042
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2006.042
Advisory Published:      2006-12-26 12:44 UTC

Issue Id (internal):     OpenPKG-SI-20061226.01
Issue First Created:     2006-12-26
Issue Last Modified:     2006-12-26
Issue Revision:          11
____________________________________________________________________________

Subject Name:            OpenSER
Subject Summary:         SIP router
Subject Home:            http://www.openser.org/
Subject Versions:        * <= 1.1.0

Vulnerability Id:        BID:21706
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system
Attack Impact:           arbitrary code execution

Description:
    A buffer overflow was discovered [0] in the "parse_expression"
    function of the "permissions" module of the SIP router OpenSER [1],
    versions up to and including 1.1.0. The OpenSER "permissions" module
    is used to determine if a SIP call has appropriate permission to be
    established. The "parse_expression" function is used during parsing
    of the modules local allow/deny configuration files.
    
    The buffer overflow is triggered by parsing a configuration
    line expression consisting of more than 500 characters and
    potentially could lead to the execution of arbitrary code under
    the privileges of the OpenSER process. Successfully exploiting the
    vulnerability requires that the local attacker has write access
    to the configuration files used with the configuration functions
    "allow_routing", "allow_register" and "allow_refer_to".

References:
    [0] http://www.securityfocus.com/archive/1/455097
    [1] http://www.openser.org/
____________________________________________________________________________

Primary Package Name:    openser
Primary Package Home:    http://openpkg.org/go/package/openser

Corrected Distribution:  Corrected Branch: Corrected Package:
OpenPKG Enterprise       E1.0-SOLID        openser-1.1.0-E1.0.1
____________________________________________________________________________

For security reasons, this document was digitally signed with the
OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34)
which you can download from http://openpkg.com/openpkg.com.pgp
or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/.
Follow the instructions at http://openpkg.com/security/signatures/
for more details on how to verify the integrity of this document.
____________________________________________________________________________

- -----BEGIN PGP SIGNATURE-----
Comment: OpenPKG GmbH <http://openpkg.com/>

iD8DBQFFkQsHZwQuyWG3rjQRApGOAKCVVCW9h1gKay9HA1isBkPhxpgxxACfWJNq
jUBWsY4pWZ+WaOv7IQjnrMQ=
=IyjS
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRZHfKSh9+71yA2DNAQKrXAQAmQJI6buRBEOTZC6Bw5gTFsPmMogZ+BQB
WY+OI3gCYyUnMN9amER5FIURggpARGGiivS/A8ZJld5fe79CfIgMUF+qvSHrqdq1
3Ne1xLC78koE0a4WJp0wXGdhnKsOl6Fhlfc+FO5vUOfeTS3JmKFuC7KQlDiZ7QRx
8XDFQn/7SO8=
=oAi0
-----END PGP SIGNATURE-----