-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0597
             Asterisk Project Security Advisory - AST-2011-007
                                3 June 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Asterisk 1.8.x
Publisher:         Asterisk
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2216

Original Bulletin: 
   http://downloads.asterisk.org/pub/security/AST-2011-007.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Asterisk Project Security Advisory - AST-2011-007

Product			Asterisk
Summary			Remote Crash Vulnerability in SIP channel driver
Nature of Advisory	Remote attacker can crash an Asterisk server
Susceptibility		Remote Authenticated Sessions
Severity		Moderate
Exploits Known		No
Reported On		May 23, 2011
Reported By		Jonathan Rose jrose@digium.com
Posted On		June 02, 2011
Last Updated On		June 02, 2011
Advisory Contact	Jonathan Rose jrose@digium.com
CVE Name		CVE-2011-2216

Description

If a remote user initiates a SIP call and the recipient picks up, the remote 
user can reply with a malformed Contact header that Asterisk will improperly 
handle and cause a crash due to a segmentation fault.

Resolution

Asterisk now immediately initializes buffer strings coming into the 
parse_uri_full function to prevent outside functions from receiving a NULL 
value pointer. This should increase the safety of any function that uses 
parse_uri or its wrapper functions which previously would attempt to work in 
the presence of a parse_uri failure by reading off of potentially uninitialized 
strings.
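The defensive pattern the resolution describes, shown as an added example that is not Asterisk's code and does not reproduce parse_uri_full: a toy SIP URI splitter (hypothetical names parse_uri_simple, uri_parts and contact_host_len) sets every output field to a valid empty string before any parsing step can fail, so a caller that ignores the return code, as the advisory says the parse_uri wrappers did, reads a zero-length string on malformed input instead of dereferencing a NULL or uninitialized pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical output structure; not Asterisk's types. */
struct uri_parts {
    const char *scheme;  /* "sip" or "sips" */
    const char *user;    /* may be empty */
    const char *host;    /* required */
    const char *port;    /* may be empty */
};

/* Splits "scheme:[user@]host[:port]" in place (separators are replaced
 * with NUL). Returns 0 on success, -1 on a malformed URI. On failure every
 * field of *out still points at a valid empty string, because the outputs
 * are initialized before the first return path, which is the ordering the
 * advisory's fix relies on. */
int parse_uri_simple(char *uri, struct uri_parts *out)
{
    static const char empty[] = "";
    char *p, *at, *colon;

    /* Initialize all outputs first, before any check can fail. */
    out->scheme = empty;
    out->user = empty;
    out->host = empty;
    out->port = empty;

    if (uri == NULL)
        return -1;

    colon = strchr(uri, ':');
    if (colon == NULL || colon == uri)
        return -1;                      /* no scheme at all */
    *colon = '\0';
    if (strcmp(uri, "sip") != 0 && strcmp(uri, "sips") != 0)
        return -1;                      /* unsupported scheme */
    out->scheme = uri;
    p = colon + 1;

    at = strchr(p, '@');
    if (at != NULL) {
        *at = '\0';
        out->user = p;
        p = at + 1;
    }
    if (*p == '\0')
        return -1;                      /* empty host part */
    out->host = p;

    colon = strchr(p, ':');
    if (colon != NULL) {
        *colon = '\0';
        out->port = colon + 1;
        if (*out->port == '\0')
            return -1;                  /* "host:" with nothing after it */
    }
    return 0;
}

/* A caller in the style the advisory warns about: it ignores the return code
 * and uses the host field directly. Because the parser initializes its
 * outputs, a malformed Contact value yields 0 here rather than a crash. */
size_t contact_host_len(const char *contact)
{
    char buf[256];
    struct uri_parts parts;

    if (contact == NULL || strlen(contact) >= sizeof buf)
        return 0;
    strcpy(buf, contact);
    (void)parse_uri_simple(buf, &parts);   /* return code deliberately ignored */
    return strlen(parts.host);
}

int main(void)
{
    /* Constructed sample Contact URIs, well-formed and malformed. */
    const char *samples[] = {
        "sip:alice@example.com:5060",
        "sips:example.com",
        "no-scheme-here",
        "sip:",
        "sip:alice@",
        "sip:example.com:",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-30s host length %zu\n", samples[i],
               contact_host_len(samples[i]));
    return 0;
}
```

The point of the example is the ordering inside parse_uri_simple: the four assignments to *out come before the first early return, so no failure path can leave a field unset. A parser that assigns outputs only on the success path pushes the burden onto every caller to check the return code, and the advisory describes exactly the class of caller that did not.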



Affected Versions

Product 	Asterisk Open Source
Release Series 	1.8.x All versions


Corrected In	

Product		Asterisk Open Source
Release		1.8.4.2


Patches

URL		http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff
Branch		1.8


Asterisk Project Security Advisories are posted at 
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest version 
will be posted at http://downloads.digium.com/pub/security/AST-2011-007.pdf and 
http://downloads.digium.com/pub/security/AST-2011-007.html


Revision History

Date		06/02/11
Editor		Jonathan Rose
Revisions Made	Initial Release


Asterisk Project Security Advisory - AST-2011-007
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its 
original, unaltered form.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFN6Eah/iFOrG6YcBERAm43AKCGrghkcgr5Kfp/E+IZC8y/rRdwWwCgoLGz
kzegRuZDObNAS6tCp6XQhgs=
=Uu1E
-----END PGP SIGNATURE-----