oss-sec mailing list archives
Re: CVE request: libsrtp buffer overflow flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 04 Jun 2013 12:43:20 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/04/2013 09:51 AM, Vincent Danen wrote:
A buffer overflow flaw was reported in libsrtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), in how the crypto_policy_set_from_profile_for_rtp() function applies cryptographic profiles to an srtp_policy. This could allow for a crash of a client linked against libsrtp (like asterisk or linphone). A pull request in git has a patch to correct this issue (doesn't look like it's been merged into master yet though). References: http://seclists.org/fulldisclosure/2013/Jun/10 https://github.com/cisco/libsrtp/pull/26 https://bugzilla.redhat.com/show_bug.cgi?id=970697
Please use CVE-2013-2139 for this issue.
As an aside, when I was poking around in github, I also found this but I don't know anything about libsrtp so I don't know if this is something that can be triggered by a remote user or if this is just a hardening thing, but the commit message is "Security fix to not ignore RTCP encryption, if required." https://github.com/cisco/libsrtp/commit/8ad50a05279b61a382da3cc730ff1560ab4272e8 Is there someone more familiar with libsrtp that might be able to comment on whether or not this is a flaw (so can a remote user request to disable encryption and do ... something?)
- -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRrjVIAAoJEBYNRVNeJnmTklAQAK+rZnt2RWV69S6aJaU+713u +cVYub01gDCoMFaG5Jlcsw6KAr/8fbxkPcCuPcTGSMglQk3NNKEXZsIEsEynRgaw 7GMrsQqtIMWG6dNtoNZfsuaql9pF4g4sMAdt2YMKvluCod3P/NxS5zmZrQ1MJ7dc PmFt94LEN/uoNnFDPJGdqeQOGLAUjINOb/9EFS1PXsZRfgGNVzyUsLby1Ep+kbal BRv8BXY93g7nf/VB575yz0LynQyYHPn0Q1iLDpgTV/SYuF6ia/s5RpqHvxg2SvKi xq5yOVdAXMTuXp3XjHAau6MKIdi3aHMvTFBoGoiGl9FcWfo0Q1DH0pkg9gHPymBb sC++tBBr9/Awoavjykryz0zW9P2QMlSzqbvFRy8+h8oQAMoB706BUTPpSwkSQLgQ HU9bYyFayUBAdlWPbDmnXK2yA4tBBb/A8MWghzUJqtu8209arJpwUJtYenDnXadM 9IIcNFPb3w7LRL5VReh6fqRQ9Udmf7BoTJ32P69Ib+E6fomRFVYm5fxQzqxlwt0W qWorSL7OmJcaOBcSzfxXTRxtRYYT+mMidWdOGhE7l7ejgwryI1/qcOjEuWT5jCHF 1YS79vBSFNaeocJMTBX6pIDGcUGsSmJjPVOaX5vxLFWRPRG5aEBZUePTfCwctP4k ygVFUXI7n/RxN42He/Lr =zJ6m -----END PGP SIGNATURE-----
Current thread:
- CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Vincent Danen (Jun 04)
- Re: CVE request: libsrtp buffer overflow flaw Kurt Seifried (Jun 04)