[UNIX] Asterisk Logger and Manager Format String Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 19 Mar 2008 08:30:53 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Asterisk Logger and Manager Format String Vulnerability
------------------------------------------------------------------------
SUMMARY
Logging messages displayed using the Asterisk ast_verbose logging API call
are not displayed as a character string, they are displayed as a format
string. Output as a result of the Manager command "command" is not
appended to the resulting response message as a character string, it is
appended as a format string. It is possible in both instances for an
attacker to provide a formatted string as a value for input which can
cause a crash.
DETAILS
Vulnerable Systems:
* Asterisk Open Source versions prior to 1.6.0-beta6
Immune Systems:
* Asterisk Open Source version 1.6.0-beta6
Resolution:
Input given to both the ast_verbose logging API call and astman_append
function is now interpreted as a character string and not as a format
string.
Bugs:
The following two bug reports provide more information about this
vulnerability:
<http://bugs.digium.com/view.php?id=12205>
http://bugs.digium.com/view.php?id=12205
<http://bugs.digium.com/view.php?id=12206>
http://bugs.digium.com/view.php?id=12206
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1333>
CVE-2008-1333
ADDITIONAL INFORMATION
The information has been provided by <mailto:jcolp@xxxxxxxxxx> Joshua
Colp.
The original article can be found at:
<http://downloads.digium.com/pub/security/AST-2008-004.html>
http://downloads.digium.com/pub/security/AST-2008-004.html
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] Asterisk SIP Channel Driver Unauthenticated Calls
- Next by Date: [UNIX] RTP Codec Payload Handling Two Buffer Overflows
- Previous by thread: [UNIX] Asterisk SIP Channel Driver Unauthenticated Calls
- Next by thread: [UNIX] RTP Codec Payload Handling Two Buffer Overflows
- Index(es):
Relevant Pages
|
