编辑: 山南水北 2017-10-07
Asterisk Project Security Advisory - AST-2009-005 Product Asterisk Summary Remote Crash Vulnerability in SIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions Severity Critical in 1.

6.1;

minor in lesser versions Exploits Known No Reported On July 28,

2009 Reported By Nick Baggott < nbaggott AT mudynamics DOT com > Posted On August 10,

2009 Last Updated On August 13,

2009 Advisory Contact Tilghman Lesher < tlesher AT digium DOT com > CVE Name CVE-2009-2726 Description On certain implementations of libc, the scanf family of functions uses an unbounded amount of stack memory to repeatedly allocate string buffers prior to conversion to the target type. Coupled with Asterisk's allocation of thread stack sizes that are smaller than the default, an attacker may exhaust stack memory in the SIP stack network thread by presenting excessively long numeric strings in various fields. Note that while this potential vulnerability has existed in Asterisk for a very long time, it is only potentially exploitable in 1.6.1 and above, since those versions are the first that have allowed SIP packets to exceed

1500 bytes total, which does not permit strings that are large enough to crash Asterisk. (The number strings presented to us by the security researcher were approximately 32,000 bytes long.) Additionally note that while this can crash Asterisk, execution of arbitrary code is not possible with this vector. Resolution Upgrade Asterisk to one of the releases listed below. Asterisk Project Security Advisory - AST-2009-005 Copyright ?

2009 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. Asterisk Project Security Advisory - AST-2009-005 Affected Versions Product Release Series Asterisk Open Source 1.2.x All versions prior to 1.2.34 Asterisk Open Source 1.4.x All versions prior to 1.4.26.1 Asterisk Open Source 1.6.0.x All versions prior to 1.6.0.13 Asterisk Open Source 1.6.1.x All versions prior to 1.6.1.4 Asterisk Addons 1.2.x Not affected Asterisk Addons 1.4.x Not affected Asterisk Addons 1.6.0.x Not affected Asterisk Addons 1.6.1.x Not affected Asterisk Business Edition A.x.x All versions Asterisk Business Edition B.x.x All versions prior to B.2.5.9 Asterisk Business Edition C.2.x All versions prior to C.2.4.1 Asterisk Business Edition C.3.x All versions prior to C.3.1 AsteriskNOW 1.5 Not affected s800i (Asterisk Appliance) 1.2.x All versions prior to 1.3.0.3 Corrected In Product Release Asterisk Open Source 1.2.34 Asterisk Open Source 1.4.26.1 Asterisk Open Source 1.6.0.13 Asterisk Open Source 1.6.1.4 Asterisk Business Edition B.2.5.9 Asterisk Business Edition C.2.4.1 Asterisk Business Edition C.3.1 s800i (Asterisk Appliance) 1.3.0.3 Asterisk Project Security Advisory - AST-2009-005 Copyright ?

2009 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. Asterisk Project Security Advisory - AST-2009-005 Patches Link Branch http://downloads.digium.com/pub/security/AST-2009-005-1.2.diff.txt 1.2 http://downloads.digium.com/pub/security/AST-2009-005-1.4.diff.txt 1.4 http://downloads.digium.com/pub/security/AST-2009-005-trunk.diff.txt trunk http://downloads.digium.com/pub/security/AST-2009-005-1.6.0.diff.txt 1.6.0 http://downloads.digium.com/pub/security/AST-2009-005-1.6.1.diff.txt 1.6.1 http://downloads.digium.com/pub/security/AST-2009-005-1.6.2.diff.txt 1.6.2 Links http://labs.mudynamics.com/advisories/MU-200908-01.txt Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions;

下载(注:源文件不在本站服务器,都将跳转到源网站下载)
备用下载
发帖评论
相关话题
发布一个新话题