Executive Summary

Summary
Title New asterisk packages fix several vulnerabilities
Informations
Name DSA-1358 First vendor Publication 2007-08-26
Vendor Debian Last vendor Modification 2007-08-26
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-1306

"Mu Security" discovered that a NULL pointer deference in the SIP implementation could lead to denial of service.

CVE-2007-1561

Inria Lorraine discovered that a programming error in the SIP implementation could lead to denial of service.

CVE-2007-2294

It was discovered that a NULL pointer deference in the manager interface could lead to denial of service.

CVE-2007-2297

It was discovered that a programming error in the SIP implementation could lead to denial of service.

CVE-2007-2488

Tim Panton and Birgit Arkestein discovered that a programming error in the IAX2 implementation could lead to information disclosure.

CVE-2007-3762

Russell Bryant discovered that a buffer overflow in the IAX implementation could lead to the execution of arbitrary code.

CVE-2007-3763

Chris Clark and Zane Lackey discovered that several NULL pointer deferences in the IAX2 implementation could lead to denial of service.

CVE-2007-3764

Will Drewry discovered that a programming error in the Skinny implementation could lead to denial of service.

For the oldstable distribution (sarge) these problems have been fixed in version 1.0.7.dfsg.1-2sarge5.

For the stable distribution (etch) these problems have been fixed in version 1:1.2.13~dfsg-2etch1.

For the unstable distribution (sid) these problems have been fixed in version 1:1.4.11~dfsg-1.

We recommend that you upgrade your Asterisk packages.

Original Source

Url : http://www.debian.org/security/2007/dsa-1358

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18250
 
Oval ID: oval:org.mitre.oval:def:18250
Title: DSA-1358-1 asterisk
Description: Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.
Family: unix Class: patch
Reference(s): DSA-1358-1
CVE-2007-1306
CVE-2007-1561
CVE-2007-2294
CVE-2007-2297
CVE-2007-2488
CVE-2007-3762
CVE-2007-3763
CVE-2007-3764
 Version: 5
Platform(s): Debian GNU/Linux 4.0
 Product(s): asterisk
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 120
Application 4
Application 2
Application 18
Hardware 2

OpenVAS Exploits

Date Description
2009-01-28 Name : SuSE Update for asterisk SUSE-SA:2007:034
File : nvt/gb_suse_2007_034.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200703-14 (asterisk)
File : nvt/glsa_200703_14.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200704-01 (asterisk)
File : nvt/glsa_200704_01.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-11 (asterisk)
File : nvt/glsa_200802_11.nasl
2008-08-22 Name : Asterisk PBX NULL Pointer Dereference Overflow
File : nvt/asterisk_null_pointer_dereference.nasl
2008-08-22 Name : Asterisk PBX SDP Header Overflow Vulnerability
File : nvt/asterisk_sdp_header_overflow.nasl
2008-01-17 Name : Debian Security Advisory DSA 1358-1 (asterisk)
File : nvt/deb_1358_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38196 Asterisk IAX2 Channel Driver (chan_iax2) RTP Frame Handling Remote Overflow

A remote overflow exists in multiple asterisk products. The iax2 channel driver fails to verify boundaries on incoming RTP frames with a voice or video payload larger than 4kB resulting in a stack-based overflow. With a specially crafted request, an attacker can cause a denial of service and possible arbitrary code execution resulting in a loss of integrity and/or availability.
38195 Asterisk IAX2 Channel Driver (chan_iax2) Malformed IAX Frame Remote DoS

A remote overflow exists in the IAX2 channel driver (chan_iax2). The driver fails to provide proper boundary control on receiving LAGRQ and LAGRP frames resulting in a null pointer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.
38194 Asterisk Skinny Channel Driver (chan_skinny) Crafted Packet Remote DoS

Asterisk contains a flaw that may allow a remote denial of service. The issue is triggered when a skinny packet is received where the claimed length is between 0 and 3 added with 4 or more bytes. This will issue a segfault via a large memcpy() and will result in loss of availability for the service.
35769 Asterisk IAX2 Channel Driver (chan_iax2) Remote Memory Disclosure
35369 Asterisk Manager Interface Passwordless User MD5 Authentication DoS

A remote overflow exists in multiple Asterisk releases. The Manager Interface fails to properly verify user-supplied input resulting in a NULL pointer dereference. With a specially crafted MD5 login request, an attacker can cause a denial of service resulting in a loss of availability for the application.
34482 Asterisk SIP Channel Driver (chan_sip) SIP Malformed UDP Packet DoS
34479 Asterisk Malformed SIP INVITE Request DoS

Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP INVITE message containing two SDP headers is sent to the affected application. To exploit this issue, the first header must contain a valid IP address where the second must contain an invalid one. This will result in loss of availability for the asterisk service.
33888 Asterisk Malformed SIP Register Packet Remote DoS

Asterisk PBX contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed SIP REGISTER packet is sent to the affected application without a SIP URI and version header in the request. This will result in a null pointer dereference and a loss of availability for the Asterisk PBX service.

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk invite malformed SDP denial of service attempt
RuleID : 23966 - Revision : 6 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk IAX2 Channel Driver DoS attempt
RuleID : 21768 - Revision : 3 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk IAX2 Channel Driver DoS attempt
RuleID : 21767 - Revision : 3 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk SCCP overly large mem copy attempt
RuleID : 21673 - Revision : 4 - Type : PROTOCOL-VOIP
2014-01-10 request line equal To zero
RuleID : 12061 - Revision : 4 - Type : VOIP-SIP

Nessus® Vulnerability Scanner

Date Description
2008-02-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-11.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_asterisk-3543.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_asterisk-3977.nasl - Type : ACT_GATHER_INFO
2007-08-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1358.nasl - Type : ACT_GATHER_INFO
2007-04-05 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200704-01.nasl - Type : ACT_GATHER_INFO
2007-03-18 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200703-14.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:26:49
  • Multiple Updates