[NEWS] Skinny Channel Driver DoS
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 13 Aug 2007 12:50:32 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Skinny Channel Driver DoS
------------------------------------------------------------------------
SUMMARY
The Asterisk Skinny channel driver, chan_skinny, has a remotely
exploitable crash vulnerability. A segfault can occur when Asterisk
receives a "CAPABILITIES_RES_MESSAGE" packet where the capabilities count
is greater than the total number of items in the capabilities_res_message
array. Note that this requires an authenticated session.
DETAILS
Vulnerable Systems:
* Asterisk Open Source 1.4.x - all versions prior to 1.4.10
* AsteriskNOW all versions prior to beta7
* Asterisk Appliance Developer Kit all versions prior to 0.7.0
* s800i (Asterisk Appliance) all versions prior to 1.0.3
Immune Systems:
* Asterisk Open Source 1.4.x - version 1.4.10
* AsteriskNOW beta7
* Asterisk Appliance Developer Kit 0.7.0
* s800i (Asterisk Appliance) 1.0.3
* Asterisk Open Source 1.0.x
* Asterisk Open Source 1.2.x
Resolution:
Asterisk code has been modified to limit the incoming capabilities count.
Users with configured Skinny devices should upgrade to the appropriate
version listed in the corrected in section of this advisory.
ADDITIONAL INFORMATION
The information has been provided by <mailto:security@xxxxxxxxxxxx>
Security Response Team.
The original article can be found at:
<http://downloads.digium.com/pub/asa/ASA-2007-019.html>
http://downloads.digium.com/pub/asa/ASA-2007-019.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities
- Next by Date: [NEWS] Cisco Unified MeetingPlace XSS Vulnerability
- Previous by thread: [NT] Hewlett-Packard OpenView Operations OVTrace Buffer Overflow Vulnerabilities
- Next by thread: [NEWS] Cisco Unified MeetingPlace XSS Vulnerability
- Index(es):
Relevant Pages
|
|
