AST-2011-007




Asterisk Project Security Advisory - AST-2011-007

+------------------------------------------------------------------------+
| Product | Asterisk |
|---------------------+--------------------------------------------------|
| Summary | Remote Crash Vulnerability in SIP channel driver |
|---------------------+--------------------------------------------------|
| Nature of Advisory | Remote attacker can crash an Asterisk server |
|---------------------+--------------------------------------------------|
| Susceptibility | Remote Authenticated Sessions |
|---------------------+--------------------------------------------------|
| Severity | Moderate |
|---------------------+--------------------------------------------------|
| Exploits Known | No |
|---------------------+--------------------------------------------------|
| Reported On | May 23, 2011 |
|---------------------+--------------------------------------------------|
| Reported By | Jonathan Rose jrose@xxxxxxxxxx |
|---------------------+--------------------------------------------------|
| Posted On | June 02, 2011 |
|---------------------+--------------------------------------------------|
| Last Updated On | June 02, 2011 |
|---------------------+--------------------------------------------------|
| Advisory Contact | Jonathan Rose jrose@xxxxxxxxxx |
|---------------------+--------------------------------------------------|
| CVE Name | CVE-2011-2216 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description | If a remote user initiates a SIP call and the recipient |
| | picks up, the remote user can reply with a malformed |
| | Contact header that Asterisk will improperly handle and |
| | cause a crash due to a segmentation fault. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution | Asterisk now immediately initializes buffer strings |
| | coming into the parse_uri_full function to prevent |
| | outside functions from receiving a NULL value pointer. |
| | This should increase the safety of any function that uses |
| | parse_uri or its wrapper functions which previously would |
| | attempt to work in the presence of a parse_uri failure by |
| | reading off of potentially uninitialized strings. |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.4.2 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| URL |Branch|
|-----------------------------------------------------------------+------|
|Http://downloads.asterisk.org/pub/security/AST-2011-007-1.8.diff |1.8 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2011-007.pdf and |
| http://downloads.digium.com/pub/security/AST-2011-007.html |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-------------------+-------------------------+--------------------------|
| 06/02/11 | Jonathan Rose | Initial Release |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2011-007
Copyright (c) 2011 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.


Relevant Pages