-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.1171
    Asterisk Project Security Advisory - AST-2013-004 and AST-2013-005
                              29 August 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Asterisk Open Source
                   Certified Asterisk
                   Asterisk with Digiumphones
Publisher:         Digium
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2013-5642 CVE-2013-5641 

Original Bulletin: 
   http://downloads.asterisk.org/pub/security/AST-2013-004.html
   http://downloads.asterisk.org/pub/security/AST-2013-005.html

Comment: This bulletin contains two (2) Digium security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

               Asterisk Project Security Advisory - AST-2013-004

          Product         Asterisk                                            
          Summary         Remote Crash From Late Arriving SIP ACK With SDP    
     Nature of Advisory   Remote Crash                                        
       Susceptibility     Remote Unauthenticated Sessions                     
          Severity        Major                                               
       Exploits Known     None                                                
        Reported On       February 11, 2013                                   
        Reported By       Colin Cuthbertson                                   
         Posted On        August 27, 2013                                     
      Last Updated On     August 28, 2013                                     
      Advisory Contact    Joshua Colp <jcolp AT digium DOT com>               
          CVE Name        CVE-2013-5641                                           

    Description  A remotely exploitable crash vulnerability exists in the     
                 SIP channel driver if an ACK with SDP is received after the  
                 channel has been terminated. The handling code incorrectly   
                 assumes that the channel will always be present.             

    Resolution  A check has now been added which only parses SDP and applies  
                it if an Asterisk channel is present.                         
                                                                              
                Note that Walter Doekes, OSSO B.V., is responsible for        
                diagnosing and providing the fix for this issue.              

                               Affected Versions
               Product             Release Series      Versions
         Asterisk Open Source          1.8.x           1.8.17.0 and above
         Asterisk Open Source           11.x           All versions
          Certified Asterisk           1.8.15          All versions
          Certified Asterisk            11.2           All versions

                                  Corrected In
                 Product                              Release                 
          Asterisk Open Source                   1.8.23.1, 11.5.1             
           Certified Asterisk                1.8.15-cert3, 11.2-cert2         

                                     Patches                             
                                SVN URL                                  Revision  
http://downloads.asterisk.org/pub/security/AST-2013-004-1.8.diff         Asterisk 1.8       
http://downloads.asterisk.org/pub/security/AST-2013-004-11.diff          Asterisk 11        
http://downloads.asterisk.org/pub/security/AST-2013-004-1.8.15-cert.diff Certified Asterisk 1.8.15    
http://downloads.asterisk.org/pub/security/AST-2013-004-11.2-cert.diff   Certified Asterisk 11.1      

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-21064       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2013-004.pdf and             
    http://downloads.digium.com/pub/security/AST-2013-004.html                

                                Revision History
    Date               Editor                   Revisions Made         
    2013-08-22         Joshua Colp              Initial revision.             
    2013-08-28         Matt Jordan              Updated with CVE.

               Asterisk Project Security Advisory - AST-2013-004
              Copyright (c) 2013 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

- ------------------------------------------------------------------------------

               Asterisk Project Security Advisory - AST-2013-005

         Product        Asterisk                                              
         Summary        Remote Crash when Invalid SDP is sent in SIP Request  
    Nature of Advisory  Remote Crash                                          
      Susceptibility    Remote Unauthenticated Sessions                       
         Severity       Major                                                 
      Exploits Known    None                                                  
       Reported On      July 03, 2013                                         
       Reported By      Walter Doekes, OSSO B.V.                              
        Posted On       August 27, 2013                                       
     Last Updated On    August 28, 2013                                       
     Advisory Contact   Matthew Jordan <mjordan AT digium DOT com>            
         CVE Name       CVE-2013-5642                                          

    Description  A remotely exploitable crash vulnerability exists in the     
                 SIP channel driver if an invalid SDP is sent in a SIP        
                 request that defines media descriptions before connection    
                 information. The handling code incorrectly attempts to       
                 reference the socket address information even though that    
                 information has not yet been set.                            

    Resolution  This patch adds checks when handling the various media
                descriptions that ensure a media description is handled
                only if connection information suitable for that media
                is available.
                                                                              
                Thanks to Walter Doekes of OSSO B.V. for finding, reporting,  
                testing, and providing the fix for this problem.              
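    The ordering problem above can be caught before any address is used.
    The following checker is an added example, not Asterisk code: it walks
    an SDP body and requires each m= section to have either a session-level
    c= line before it or a media-level c= line inside it (the sample bodies
    are constructed for the demonstration).

```c
#include <stdbool.h>
#include <string.h>

/*
 * Returns true when every m= line in the body has connection information
 * available: a session-level c= seen before the first m=, or a media-level
 * c= inside that m= section. Bodies that fail are the shape the advisory
 * describes (media descriptions before connection information) and should
 * be rejected before anything derived from c= is referenced.
 * Hypothetical helper written for this example, not Asterisk's parser.
 */
bool sdp_media_has_connection(const char *sdp)
{
    bool session_c = false;  /* c= seen before any m= line */
    bool in_media = false;   /* currently inside an m= section */
    bool media_c = false;    /* c= seen inside the current m= section */
    const char *p = sdp;

    while (*p) {
        const char *eol = strpbrk(p, "\r\n");
        size_t len = eol ? (size_t)(eol - p) : strlen(p);

        if (len >= 2 && p[1] == '=') {
            if (p[0] == 'c') {
                if (in_media)
                    media_c = true;
                else
                    session_c = true;
            } else if (p[0] == 'm') {
                /* A new m= closes the previous section, which needed a c=. */
                if (in_media && !session_c && !media_c)
                    return false;
                in_media = true;
                media_c = false;
            }
        }
        p += len;
        while (*p == '\r' || *p == '\n')
            p++;
    }
    /* The final media section is checked here. */
    return !(in_media && !session_c && !media_c);
}

/* Constructed sample bodies (not taken from the advisory). */
static const char SDP_OK[] =
    "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\nc=IN IP4 192.0.2.1\r\n"
    "t=0 0\r\nm=audio 4000 RTP/AVP 0\r\n";
static const char SDP_BAD[] =
    "v=0\r\no=- 1 1 IN IP4 192.0.2.1\r\ns=-\r\nt=0 0\r\n"
    "m=audio 4000 RTP/AVP 0\r\nm=video 4002 RTP/AVP 31\r\nc=IN IP4 192.0.2.1\r\n";
```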

                               Affected Versions
                 Product                Release Series      Versions
          Asterisk Open Source               1.8.x          All Versions
          Asterisk Open Source               10.x           All Versions
          Asterisk Open Source               11.x           All Versions
           Certified Asterisk               1.8.15          All Versions
           Certified Asterisk                11.2           All Versions
       Asterisk with Digiumphones      10.x-digiumphones    All Versions

                                  Corrected In
                  Product                              Release                
            Asterisk Open Source              1.8.23.1, 10.12.3, 11.5.1       
             Certified Asterisk                1.8.15-cert3, 11.2-cert2       
         Asterisk with Digiumphones              10.12.3-digiumphones         

                                          Patches                            
                                  SVN URL                                       Revision     
http://downloads.asterisk.org/pub/security/AST-2013-005-1.8.diff             Asterisk 1.8    
http://downloads.asterisk.org/pub/security/AST-2013-005-10.diff              Asterisk 10     
http://downloads.asterisk.org/pub/security/AST-2013-005-10-digiumphones.diff Asterisk 10-digiumphones 
http://downloads.asterisk.org/pub/security/AST-2013-005-11.diff              Asterisk 11     
http://downloads.asterisk.org/pub/security/AST-2013-005-1.8.15.diff          Certified Asterisk 1.8.15 
http://downloads.asterisk.org/pub/security/AST-2013-005-11.2.diff            Certified Asterisk 11.2   

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-22007       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2013-005.pdf and             
    http://downloads.digium.com/pub/security/AST-2013-005.html                

                                Revision History
          Date                 Editor                  Revisions Made         
    2013-08-27         Matt Jordan              Initial Revision.
    2013-08-28         Matt Jordan              Updated CVE.

               Asterisk Project Security Advisory - AST-2013-005
              Copyright (c) 2013 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================