The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Asterisk: information disclosure via IAX2

Synthesis of the vulnerability 

An attacker can use a malicious IAX2 message in order to obtain a memory fragment.
Vulnerable software: Asterisk Open Source, Debian, openSUSE.
Severity of this announce: 1/4.
Creation date: 07/05/2007.
Références of this computer vulnerability: ASA-2007-013, BID-23824, CVE-2007-2488, DSA-1358-1, SUSE-SA:2007:034, VIGILANCE-VUL-6787.

Description of the vulnerability 

The Asterisk product implements the IAX2 protocol (Inter-Asterisk Exchange version 2) to transmit streaming over IP. This protocol uses the 4569/udp port.

The chan_iax2 driver does not check if message received by an authenticated attacker contains the null string terminator. The strlen() function thus continues to walk through memory after end of message until the terminator is found. The memory area comprised between the end of message and the first null character is therefore transmitted.

This vulnerability thus permits an attacker to obtain a memory fragment which may contain sensitive information.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This weakness bulletin impacts software or systems such as Asterisk Open Source, Debian, openSUSE.

Our Vigil@nce team determined that the severity of this computer weakness is low.

The trust level is of type confirmed by the editor, with an origin of user account.

An attacker with a expert ability can exploit this vulnerability announce.

Solutions for this threat 

Asterisk: version 1.4.4.
Version 1.4.4 is corrected:

Asterisk: version 1.2.19.
Version 1.2.19 is corrected:

Debian: new asterisk packages.
New packages are available:
Debian GNU/Linux 3.1 alias sarge
  AMD64 architecture:
      Size/MD5 checksum: 1333966 35dea08bbb3e3ae98622bfc8e2395efa
      Size/MD5 checksum: 31364 b4738c7141ebdb63ff40c4ec51db182d
      Size/MD5 checksum: 21968 04e606d2f26e1b896e2c1e4b3afc0024
  Intel IA-32 architecture:
      Size/MD5 checksum: 1175672 332441ac023e066bfad2e4df2ee35b82
      Size/MD5 checksum: 30384 714976ea15e1c161c77dff509d08af96
      Size/MD5 checksum: 21968 d1ee35f3e22dcd4a5319ae5b15817d0b
  Intel IA-64 architecture:
      Size/MD5 checksum: 1772012 ac19b785773eb877c29edb5a91c31767
      Size/MD5 checksum: 33496 e1d9e1ceff20bd7bbd0c137239034b75
      Size/MD5 checksum: 21966 f9b6ef26db22f14cb1a52e2b1a135c47
Debian GNU/Linux 4.0 alias etch
  AMD64 architecture:
      Size/MD5 checksum: 1752012 6541f884fe3fe9f48b4acc63cf693349
      Size/MD5 checksum: 1716992 cdf6e4ba213e5cfa3066f22f395ce98f
      Size/MD5 checksum: 133196 f8e1c9b4a8ab373f8bcba2aa000df651
  Intel IA-32 architecture:
      Size/MD5 checksum: 1648860 a4e6285b3a8859f93a52121468429ad3
      Size/MD5 checksum: 1615580 f70eb637297095022cdbd859bddd8376
      Size/MD5 checksum: 130820 76b1d7e76d2baae5857aa56a09e87652
  Intel IA-64 architecture:
      Size/MD5 checksum: 2394412 5ebec711b6e457c53f1193232bc4d3d8
      Size/MD5 checksum: 2348026 759e196b5702b5213387f21924541725
      Size/MD5 checksum: 149578 b288f2afa9155e69faff7823181abcab

SUSE: new asterisk packages.
New packages are available:
   openSUSE 10.2:
   SUSE LINUX 10.1:
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer security analysis. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.