Hosting Provided By
ASA-2007-017: Remote Crash Vulnerability in STUN implementation

From: Kevin P. Fleming <kpfleming(at)digium.com>
Date: Tue Jul 17 2007 - 19:01:31 EDT
Asterisk Project Security Advisory - ASA-2007-017
+------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Remote Crash Vulnerability in STUN implementation |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Denial of Service                                 |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Critical                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | July 13, 2007                                     |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Will Drewry, Google Security Team                 |
   |--------------------+---------------------------------------------------|
   |     Posted On      | July 17, 2007                                     |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | July 17, 2007                                     |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Joshua Colp                     |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-3765                                     |
Do you need help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   | Description | The Asterisk STUN implementation in the RTP stack has a  |
   |             | remotely exploitable crash vulnerability. A pointer may  |
   |             | run past accessible memory if Asterisk receives a        |
   |             | specially crafted STUN packet on an active RTP port.     |
   |             |                                                          |
   |             | The code that parses the incoming STUN packets           |
   |             | incorrectly checks that the length indicated in the STUN |
   |             | attribute and the size of the STUN attribute header does |
   |             | not exceed the available data. This will cause the data  |
   |             | pointer to run past accessible memory and when accessed  |
   |             | will cause a crash.                                      |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   | Resolution | All users that have chan_sip, chan_gtalk, chan_jingle,    |
   |            | chan_h323, chan_mgcp, or chan_skinny enabled on an        |
   |            | affected version should upgrade to the appropriate        |
   |            | version listed in the correct in section of this          |
   |            | advisory.                                                 |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | None affected         |
Do you need more help? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | None affected         |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.8                 |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | None affected         |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | None affected         |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions prior to |
   |                                  |             | beta7                 |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions prior to |
   |                                  |             | 0.5.0                 |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.2                 |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |     Product     |                       Release                        |
   |-----------------+------------------------------------------------------|
   |  Asterisk Open  |                 1.4.8 available from                 |
Can we help you? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
   |     Source      |     
ftp://ftp.digium.com/pub/telephony/asterisk      |
   |-----------------+------------------------------------------------------|
   |   AsteriskNOW   |  Beta7, available from 
http://www.asterisknow.org/.  |
   |                 |  Beta5 and Beta6 users can update using the system   |
   |                 |    update feature in the appliance control panel.    |
   |-----------------+------------------------------------------------------|
   |    Asterisk     |                0.5.0, available from                 |
   |    Appliance    |       
ftp://ftp.digium.com/pub/telephony/aadk/       |
   |  Developer Kit  |                                                      |
   |-----------------+------------------------------------------------------|
   | s800i (Asterisk |                        1.0.2                         |
   |   Appliance)    |                                                      |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   |        Links        |                                                  |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   | Asterisk Project Security Advisories are posted at                     |
   | 
http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | 
http://ftp.digium.com/pub/asa/ASA-2007-017.pdf.                        |

   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+

   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |        Date        |        Editor         |      Revisions Made       |
   |--------------------+-----------------------+---------------------------|
   | July 17, 2006      | jcolp@digium.com      | Initial Release           |

   +------------------------------------------------------------------------+


               Asterisk Project Security Advisory - ASA-2007-017
Can't find what you're looking for? 
In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software:Learn more about Pantek's Technical Support offerings
Place an order for 24/7/365 Technical Support here
Learn more about Pantek, who we are, and what we do
Chat with a Live Operator
Related securityfocus.com Links
bugtraq
certification
focus-bsd
focus-ids
focus-ih
focus-linux
focus-ms
focus-sun
focus-unix-other
focus-virus
forensics
incidents
libnet
linux-secnews
ms-secnews
pen-test
secpapers
secprog
sectools
secureshell
security-basics
securityjobs
sf-news
vuln-dev
webappsec
Request more information about Pantek
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
Received on Wed Jul 18 12:52:27 2007
This message: [ Message body ]
Next message: ak(at)red-database-security.com: "Oracle Security: SQL Injection in APEX CHECK_DB_PASSWORD"
Previous message: ak(at)red-database-security.com: "Oracle Security: SQL Injection in package DBMS_PRVTAQIS"
Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]
This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:09:41 EDT