The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Asterisk: several vulnerabilities

Synthesis of the vulnerability 

Three vulnerabilities in Asterisk allow a remote attacker to cause a denial of service or to execute code.
Vulnerable systems: Asterisk Open Source, Debian, openSUSE.
Severity of this threat: 2/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 25/04/2007.
Revision date: 05/07/2007.
References of this weakness: ASA-2007-010, ASA-2007-011, ASA-2007-012, BID-23648, BID-23649, CVE-2007-2293, CVE-2007-2294, CVE-2007-2297, DSA-1358-1, NGS00497, SUSE-SA:2007:034, VIGILANCE-VUL-6764.

Description of the vulnerability 

The Asterisk telephony software implements SIP. It has three vulnerabilities.

Support for T.38 (fax over IP, negotiated through SIP) is enabled with the "t38_udptl" directive of sip.conf. The process_sdp() function of chan_sip.c uses sscanf() to read the T38FaxRateManagement and T38FaxUdpEC attributes of the SDP body into fixed-size buffers, without bounding the length of the values. An unauthenticated attacker can therefore send an INVITE carrying an over-long attribute value to overflow the buffer and execute code. [severity:2/4; ASA-2007-010, BID-23648, CVE-2007-2293, NGS00497]
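The bug class above is an unbounded "%s" conversion into a stack buffer. The following is an added illustration, not Asterisk's code: a small SDP attribute scanner in the shape of the vulnerable pattern, with two hardened variants. The buffer size, function names, and the SDP body are assumptions made for the example; the only thing taken from the bulletin is the attribute names and the sscanf() pattern.

```c
#include <stdio.h>
#include <string.h>

/* Destination buffer for an SDP attribute value. The pattern the bulletin
 * describes is an unbounded "%s" conversion into a buffer like this:
 *     char s[256];
 *     sscanf(a, "T38FaxRateManagement:%s", s);   (no width, so a longer value writes past s)
 * An INVITE whose SDP carries a longer value overflows the stack frame.
 * T38_VAL_MAX is an assumed size for this example. */
#define T38_VAL_MAX 64

/* Bounded sscanf: the width in "%63s" caps the write at 63 bytes plus NUL,
 * so the copy cannot overflow, but an over-long value is silently truncated. */
int parse_t38_bounded(const char *line, char out[T38_VAL_MAX])
{
    return sscanf(line, "T38FaxRateManagement:%63s", out) == 1;
}

/* Strict parser: reject an over-long value instead of truncating it.
 * Returns 1 if the value was copied, 0 if the line is not this attribute,
 * -1 if the value would not fit in out[outlen]. */
int parse_t38_strict(const char *line, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    if (strncmp(line, name, nlen) != 0 || line[nlen] != ':')
        return 0;
    const char *val = line + nlen + 1;
    size_t vlen = strcspn(val, " \t\r\n");   /* "%s" would also stop at whitespace */
    if (vlen >= outlen)
        return -1;
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return 1;
}

/* Walk an SDP body one line at a time and apply the strict parser to every
 * "a=" attribute. Returns the number of T.38 attributes accepted, or -1 as
 * soon as one would overflow the fixed buffer. */
int scan_sdp(const char *sdp)
{
    static const char *names[] = { "T38FaxRateManagement", "T38FaxUdpEC" };
    char val[T38_VAL_MAX];
    int accepted = 0;
    const char *p = sdp;
    while (*p) {
        if (p[0] == 'a' && p[1] == '=') {
            for (size_t i = 0; i < 2; i++) {
                int r = parse_t38_strict(p + 2, names[i], val, sizeof val);
                if (r < 0)
                    return -1;
                accepted += r;
            }
        }
        const char *nl = strchr(p, '\n');
        if (!nl)
            break;
        p = nl + 1;
    }
    return accepted;
}

/* Constructed attacker input: 300 'A's after the attribute name, far beyond
 * the 64-byte buffer. Returns 1 when the strict parser rejects it while the
 * bounded sscanf silently truncates it to 63 characters. */
int overlong_value_handled(void)
{
    char line[400], buf[T38_VAL_MAX];
    memset(line, 'A', sizeof line);
    memcpy(line, "T38FaxRateManagement:", 21);
    line[21 + 300] = '\0';
    int strict = parse_t38_strict(line, "T38FaxRateManagement", buf, sizeof buf);
    int bounded = parse_t38_bounded(line, buf);
    return strict == -1 && bounded == 1 && strlen(buf) == 63;
}

int main(void)
{
    /* Constructed SDP body in the shape a T.38 re-INVITE would carry. */
    const char *sdp =
        "v=0\r\n"
        "o=- 1 1 IN IP4 192.0.2.10\r\n"
        "m=image 4000 udptl t38\r\n"
        "a=T38FaxRateManagement:transferredTCF\r\n"
        "a=T38FaxUdpEC:t38UDPRedundancy\r\n";
    printf("accepted T.38 attributes: %d\n", scan_sdp(sdp));
    printf("over-long value handled: %d\n", overlong_value_handled());
    return 0;
}
```

The width-bounded sscanf() is the minimal fix for the overflow; the strict variant is what a parser of untrusted signaling should do, since a silently truncated value can still be compared against the expected keywords and reach later code paths with attacker-chosen content. Note that the SDP is parsed before any SIP authentication, which is why the bulletin marks the attacker as unauthenticated.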

The fix for VIGILANCE-VUL-6674 (denial of service via a SIP response with error code zero) was incomplete. [severity:2/4; ASA-2007-011, CVE-2007-2297]

When a user defined in manager.conf has an empty password, an attacker who knows that username can attempt to log in with MD5 challenge/response authentication; this triggers a NULL pointer dereference and stops Asterisk. [severity:2/4; ASA-2007-012, BID-23649, CVE-2007-2294]
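Upgrading removes the crash, but a manager user with an empty secret is a weak configuration on any version: anyone who can reach the manager port and knows the username gets in. The following is an added audit routine, not part of Asterisk or of the bulletin: it scans a manager.conf text for user sections whose "secret" is empty, and treats a missing secret line the same way (an assumption of this example's policy, not a statement about how Asterisk handles it). The sample configuration is constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed manager.conf (not a real site's file). [general] is the daemon
 * section; every other section is a manager user. "support" has an empty
 * secret, which is the weak setting the bulletin describes. */
static const char *SAMPLE_MANAGER_CONF =
    "[general]\n"
    "enabled = yes\n"
    "port = 5038\n"
    "bindaddr = 127.0.0.1\n"
    "\n"
    "[admin]\n"
    "secret = s3cr3t-long-random\n"
    "read = all\n"
    "write = all\n"
    "\n"
    "[support]\n"
    "secret =\n"
    "read = call\n";

/* Strip leading and trailing whitespace in place; returns the new start. */
static char *trim(char *s)
{
    while (isspace((unsigned char)*s))
        s++;
    char *e = s + strlen(s);
    while (e > s && isspace((unsigned char)e[-1]))
        *--e = '\0';
    return s;
}

/* Copy a flagged section name into names[], if there is room. */
static void record(char names[][64], int *found, int max, const char *section)
{
    if (*found < max) {
        strncpy(names[*found], section, 63);
        names[*found][63] = '\0';
        (*found)++;
    }
}

/* Scan a manager.conf text for user sections (anything but [general]) whose
 * "secret" is empty or absent. Writes the section names into names[] and
 * returns how many were flagged. */
int find_weak_manager_users(const char *conf, char names[][64], int max)
{
    char section[64] = "";
    int in_user = 0, has_secret = 0, found = 0;
    const char *p = conf;
    while (*p) {
        char line[256];
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, p, len);
        line[len] = '\0';
        p = nl ? nl + 1 : p + len;

        char *t = trim(line);
        if (*t == ';' || *t == '\0')        /* comment or blank line */
            continue;
        if (*t == '[') {                     /* new section: close the previous user */
            if (in_user && !has_secret)
                record(names, &found, max, section);
            char *end = strchr(t, ']');
            if (end)
                *end = '\0';
            strncpy(section, t + 1, sizeof section - 1);
            section[sizeof section - 1] = '\0';
            in_user = strcmp(section, "general") != 0;
            has_secret = 0;
        } else if (in_user && strncmp(t, "secret", 6) == 0 &&
                   (t[6] == '=' || isspace((unsigned char)t[6]))) {
            char *eq = strchr(t, '=');
            has_secret = eq && *trim(eq + 1) != '\0';   /* "secret =" counts as empty */
        }
    }
    if (in_user && !has_secret)
        record(names, &found, max, section);
    return found;
}

/* Convenience wrapper: number of weak users in an arbitrary config text. */
int count_weak(const char *conf)
{
    char names[16][64];
    return find_weak_manager_users(conf, names, 16);
}

static char weak_names[16][64];

/* Audit the embedded sample and keep the names for inspection. */
int audit_sample(void)
{
    return find_weak_manager_users(SAMPLE_MANAGER_CONF, weak_names, 16);
}

const char *weak_name(int i)
{
    return weak_names[i];
}

int main(void)
{
    int n = audit_sample();
    for (int i = 0; i < n; i++)
        printf("manager user [%s] has an empty secret\n", weak_name(i));
    return n ? 1 : 0;
}
```

The remediation is to give every such user a strong secret or delete the section; the manager interface should in any case be bound to a loopback or management address and restricted with deny/permit lines in manager.conf, so that a crash or login attempt needs network reach the attacker does not have.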

This threat affects Asterisk Open Source, Debian, and openSUSE.

Our Vigil@nce team rated the severity of this vulnerability alert as medium.

Trust level: confirmed by the vendor. Attack origin: intranet client.

This bulletin covers 3 vulnerabilities.

An attacker with expert skills can exploit this weakness.

Solutions for this threat 

Asterisk: version 1.4.3.
Version 1.4.3 fixes these vulnerabilities:
  http://www.asterisk.org/downloads
  ftp://ftp.digium.com/pub/telephony/asterisk

Asterisk: version 1.2.18.
Version 1.2.18 fixes these vulnerabilities:
  http://www.asterisk.org/downloads
  ftp://ftp.digium.com/pub/telephony/asterisk

Debian: new asterisk packages.
New packages are available:
Debian GNU/Linux 3.1 alias sarge
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_amd64.deb
      Size/MD5 checksum: 1333966 35dea08bbb3e3ae98622bfc8e2395efa
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_amd64.deb
      Size/MD5 checksum: 31364 b4738c7141ebdb63ff40c4ec51db182d
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_amd64.deb
      Size/MD5 checksum: 21968 04e606d2f26e1b896e2c1e4b3afc0024
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_i386.deb
      Size/MD5 checksum: 1175672 332441ac023e066bfad2e4df2ee35b82
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_i386.deb
      Size/MD5 checksum: 30384 714976ea15e1c161c77dff509d08af96
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_i386.deb
      Size/MD5 checksum: 21968 d1ee35f3e22dcd4a5319ae5b15817d0b
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7.dfsg.1-2sarge5_ia64.deb
      Size/MD5 checksum: 1772012 ac19b785773eb877c29edb5a91c31767
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-console_1.0.7.dfsg.1-2sarge5_ia64.deb
      Size/MD5 checksum: 33496 e1d9e1ceff20bd7bbd0c137239034b75
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.0.7.dfsg.1-2sarge5_ia64.deb
      Size/MD5 checksum: 21966 f9b6ef26db22f14cb1a52e2b1a135c47
Debian GNU/Linux 4.0 alias etch
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_amd64.deb
      Size/MD5 checksum: 1752012 6541f884fe3fe9f48b4acc63cf693349
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_amd64.deb
      Size/MD5 checksum: 1716992 cdf6e4ba213e5cfa3066f22f395ce98f
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_amd64.deb
      Size/MD5 checksum: 133196 f8e1c9b4a8ab373f8bcba2aa000df651
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_i386.deb
      Size/MD5 checksum: 1648860 a4e6285b3a8859f93a52121468429ad3
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_i386.deb
      Size/MD5 checksum: 1615580 f70eb637297095022cdbd859bddd8376
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_i386.deb
      Size/MD5 checksum: 130820 76b1d7e76d2baae5857aa56a09e87652
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-bristuff_1.2.13~dfsg-2etch1_ia64.deb
      Size/MD5 checksum: 2394412 5ebec711b6e457c53f1193232bc4d3d8
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-classic_1.2.13~dfsg-2etch1_ia64.deb
      Size/MD5 checksum: 2348026 759e196b5702b5213387f21924541725
    http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_1.2.13~dfsg-2etch1_ia64.deb
      Size/MD5 checksum: 149578 b288f2afa9155e69faff7823181abcab

SUSE: new asterisk packages.
New packages are available:
  openSUSE 10.2:
    ftp://ftp.suse.com/pub/suse/update/10.2/rpm/i586/asterisk-1.2.13-23.i586.rpm
      MD5 checksum: 00b2cfd6b8ac2d7d433992b0b1443c11
  SUSE LINUX 10.1:
    ftp://ftp.suse.com/pub/suse/update/10.1/rpm/i586/asterisk-1.2.5-12.12.i586.rpm
      MD5 checksum: de8d3bf81cf5ba905383e9d18e416185