Hash: SHA1

             AUSCERT External Security Bulletin Redistribution

             Asterisk Project Security Advisory - AST-2013-001
                               2 April 2013


        AusCERT Security Bulletin Summary

Product:           Asterisk Open Source
Publisher:         Digium
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-2685  

Original Bulletin: 

- --------------------------BEGIN INCLUDED TEXT--------------------

               Asterisk Project Security Advisory - AST-2013-001

          Product         Asterisk                                            
          Summary         Buffer Overflow Exploit Through SIP SDP Header      
     Nature of Advisory   Exploitable Stack Buffer Overflow                   
       Susceptibility     Remote Unauthenticated Sessions                     
          Severity        Major                                               
       Exploits Known     No                                                  
        Reported On       6 January, 2013                                     
        Reported By       Ulf Ha:rnhammar                                     
         Posted On        27 March, 2013                                      
      Last Updated On     March 27, 2013                                      
      Advisory Contact    Jonathan Rose <jrose AT digium DOT com>             
          CVE Name        CVE-2013-2685                                       

    Description  The format attribute resource for h264 video performs an     
                 unsafe read against a media attribute when parsing the SDP.  
                 The vulnerable parameter can be received as strings of an    
                 arbitrary length and Asterisk attempts to read them into     
                 limited buffer spaces without applying a limit to the        
                 number of characters read. If a message is formed            
                 improperly, this could lead to an attacker being able to     
                 execute arbitrary code remotely.                             

    Resolution  Attempts to read string data into the buffers noted are now   
                explicitly limited by the size of the buffers.                

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source             11.x       All Versions             

                                  Corrected In  
                     Product                              Release             
               Asterisk Open Source                        11.2.2             

                               SVN URL                              Revision  
   Http://downloads.asterisk.org/pub/security/AST-2013-001-11.diff Asterisk   

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-20901       

    Asterisk Project Security Advisories are posted at                        
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2013-001.pdf and             

                                Revision History
            Date                  Editor               Revisions Made         
    February 11, 2013      Jonathan Rose         Initial Draft                
    March 27, 2013         Matt Jordan           CVE Added                    

               Asterisk Project Security Advisory - AST-2013-001
              Copyright (c) 2013 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967