Bugtraq mailing list archives
ASA-2007-011: Multiple problems in SIP channel parser handling response codes
From: "Kevin P. Fleming" <kpfleming () digium com>
Date: Wed, 25 Apr 2007 14:04:20 -0500
Asterisk Project Security Advisory - ASA-2007-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Multiple problems in SIP channel parser handling | | | response codes | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote Unauthenticated Sessions | |--------------------+---------------------------------------------------| | Severity | Critical | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | Reported On | March 20, 2007 | |--------------------+---------------------------------------------------| | Reported By | Mantis user ID 'qwerty1979' | |--------------------+---------------------------------------------------| | Posted On | April 24, 2007 | |--------------------+---------------------------------------------------| | Last Updated On | April 24, 2007 | |--------------------+---------------------------------------------------| | Advisory Contact | kpfleming () digium com | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | Multiple problems have been identified in the Asterisk | | | SIP channel driver (chan_sip) when handling response | | | packets from other SIP endpoints. | | | | | | If the response packets did not contain a valid response | | | code in the first line of the UDP packet, the Asterisk | | | SIP channel driver would fail to parse the packet | | | properly and would cause the Asterisk process to die | | | with a segmentation fault. This results in all active | | | calls and other sessions being lost. | | | | | | More details about these issues can be found at | | | http://bugs.digium.com/view.php?id=9313. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | All users are urged to upgrade to the appropriate version | | | of their Asterisk product listed in the 'Corrected In' | | | section below. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release | | | | Series | | |---------------------------+-------------+------------------------------| | Asterisk Open Source | 1.0.x | has not been evaluated as | | | | this release series is no | | | | longer maintained | |---------------------------+-------------+------------------------------| | Asterisk Open Source | 1.2.x | all releases prior to 1.2.18 | |---------------------------+-------------+------------------------------| | Asterisk Open Source | 1.4.x | all releases prior to 1.4.3 | |---------------------------+-------------+------------------------------| | Asterisk Business Edition | A.x.x | all releases | |---------------------------+-------------+------------------------------| | Asterisk Business Edition | B.x.x | all releases prior to and | | | | including B.1.3.2 | |---------------------------+-------------+------------------------------| | AsteriskNOW | pre-release | all releases prior to and | | | | including Beta 5 | |---------------------------+-------------+------------------------------| | Asterisk Appliance | 0.x.x | all releases prior to 0.4.0 | | Developer Kit | | | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |--------------------+---------------------------------------------------| | Asterisk Open | 1.2.18 and 1.4.3, available from | | Source | ftp://ftp.digium.com/pub/telephony/asterisk | |--------------------+---------------------------------------------------| | Asterisk Business | B.1.3.3, available from the Asterisk Business | | Edition | Edition user portal on http://www.digium.com or | | | via Digium Technical Support | |--------------------+---------------------------------------------------| | AsteriskNOW | Beta 6, when available from | | | http://www.asterisknow.org, Beta 5 users can use | | | use 'System Update' in the appliance control | | | panel to update their version of AsteriskNOW | |--------------------+---------------------------------------------------| | Asterisk Appliance | 0.4.0, available from | | Developer Kit | ftp://ftp.digium.com/pub/telephony/aadk | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | http://bugs.digium.com/view.php?id=9313 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security. | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://www.asterisk.org/files/ASA-2007-011.pdf. | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - ASA-2007-011 Copyright (c) 2007 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
Current thread:
- ASA-2007-011: Multiple problems in SIP channel parser handling response codes Kevin P. Fleming (Apr 25)