[NEWS] Remote Crash Vulnerability in Asterisk's Skinny Channel Driver
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 19 Jul 2007 14:53:37 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Remote Crash Vulnerability in Asterisk's Skinny Channel Driver
A security vulnerability in Asterisk's Skinny protocol allows remote
attackers to cause the Asterisk server to crash by sending it a malformed
* Asterisk Open Source versions prior to 1.4.8
* AsteriskNOW prerelease versions prior to beta7
* Asterisk Appliance Developer Kit versions prior to 0.5.0
* s800i (Asterisk Appliance) versions prior to 1.0.2
* Asterisk Open Source version 1.4.8
* AsteriskNOW Beta7
* Asterisk Appliance Developer Kit version 0.5.0
* s800i (Asterisk Appliance) version 1.0.2
The Asterisk Skinny channel driver, chan_skinny, has a remotely
exploitable crash vulnerability. A segfault can occur when Asterisk
receives a packet where the claimed length of the data is between 0 and 3,
followed by length + 4 or more bytes, due to an overly large memcpy. The
side effects of this extremely large memcpy have not been investigated.
All users that have chan_skinny enabled should upgrade to the appropriate
version listed in the corrected in section of this advisory. As a
workaround, users who do not require chan_skinny may add the line "noload
=> chan_skinny.so" (without quotes) to /etc/asterisk/modules.conf, and
The information has been provided by <mailto:jparker@xxxxxxxxxx> Jason
The original article can be found at:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NEWS] Cisco Wide Area Application Services (WAAS) Software DoS Vulnerability
- Next by Date: [UNIX] Oracle Database Buffer Overflow Vulnerabilities in Procedure DBMS_DRS.GET_PROPERTY (DB03)
- Previous by thread: [NEWS] Cisco Wide Area Application Services (WAAS) Software DoS Vulnerability
- Next by thread: [UNIX] Oracle Database Buffer Overflow Vulnerabilities in Procedure DBMS_DRS.GET_PROPERTY (DB03)