Executive Summary

Summary
Title: Asterisk: Multiple vulnerabilities
Information
Name: GLSA-200802-11
First vendor Publication: 2008-02-26
Vendor: Gentoo
Last vendor Modification: 2008-02-26
Severity (Vendor): High
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Cvss Impact Score: 10
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been found in Asterisk.

Background

Asterisk is an open source telephony engine and tool kit.

Description

Multiple vulnerabilities have been found in Asterisk:

* Russel Bryant reported a stack buffer overflow in the IAX2 channel driver (chan_iax2) when bridging calls between chan_iax2 and any channel driver that uses RTP for media (CVE-2007-3762).

* Chris Clark and Zane Lackey (iSEC Partners) reported a NULL pointer dereference in the IAX2 channel driver (chan_iax2) (CVE-2007-3763).

* Will Drewry (Google Security) reported a vulnerability in the Skinny channel driver (chan_skinny), resulting in an overly large memcpy (CVE-2007-3764).

* Will Drewry (Google Security) reported a vulnerability in the IAX2 channel driver (chan_iax2), which does not correctly handle unauthenticated transactions using a 3-way handshake (CVE-2007-4103).

Impact

By sending a long voice or video RTP frame, a remote attacker could possibly execute arbitrary code on the target machine. Sending specially crafted LAGRQ or LAGRP frames containing information elements of IAX frames, or a certain data length value in a crafted packet, or performing a flood of calls not completing a 3-way handshake, could result in a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Asterisk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.17-r1"

References

[ 1 ] CVE-2007-3762 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3762
[ 2 ] CVE-2007-3763 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3763
[ 3 ] CVE-2007-3764 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3764
[ 4 ] CVE-2007-4103 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4103

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200802-11.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200802-11.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-772 Missing Release of Resource after Effective Lifetime

OVAL Definitions

 
Oval ID: oval:org.mitre.oval:def:18250
Title: DSA-1358-1 asterisk
Description: Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.
Family: unix Class: patch
Reference(s): DSA-1358-1
CVE-2007-1306
CVE-2007-1561
CVE-2007-2294
CVE-2007-2297
CVE-2007-2488
CVE-2007-3762
CVE-2007-3763
CVE-2007-3764
Version: 5
Platform(s): Debian GNU/Linux 4.0
Product(s): asterisk
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 31
Application 4
Application 2
Application 175
Application 2
Hardware 2

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200802-11 (asterisk)
File : nvt/glsa_200802_11.nasl
2008-01-17 Name : Debian Security Advisory DSA 1358-1 (asterisk)
File : nvt/deb_1358_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
38197 Asterisk IAX2 Channel Driver (chan_iax2) Incomplete Connection Saturation Rem...

38196 Asterisk IAX2 Channel Driver (chan_iax2) RTP Frame Handling Remote Overflow

A remote overflow exists in multiple Asterisk products. The IAX2 channel driver fails to verify boundaries on incoming RTP frames with a voice or video payload larger than 4kB, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause a denial of service and possibly arbitrary code execution, resulting in a loss of integrity and/or availability.

38195 Asterisk IAX2 Channel Driver (chan_iax2) Malformed IAX Frame Remote DoS

A remote overflow exists in the IAX2 channel driver (chan_iax2). The driver fails to provide proper boundary control on receiving LAGRQ and LAGRP frames, resulting in a null pointer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.

38194 Asterisk Skinny Channel Driver (chan_skinny) Crafted Packet Remote DoS

Asterisk contains a flaw that may allow a remote denial of service. The issue is triggered when a Skinny packet is received in which the claimed length is between 0 and 3, followed by 4 or more bytes. This causes a segfault via a large memcpy() and results in loss of availability for the service.

Snort® IPS/IDS

Date Description
2014-01-10 Digium Asterisk IAX2 Channel Driver DoS attempt
RuleID : 21768 - Revision : 3 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk IAX2 Channel Driver DoS attempt
RuleID : 21767 - Revision : 3 - Type : PROTOCOL-VOIP
2014-01-10 Digium Asterisk SCCP overly large mem copy attempt
RuleID : 21673 - Revision : 4 - Type : PROTOCOL-VOIP

Nessus® Vulnerability Scanner

Date Description
2008-02-27 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200802-11.nasl - Type : ACT_GATHER_INFO
2007-10-17 Name : The remote openSUSE host is missing a security update.
File : suse_asterisk-3977.nasl - Type : ACT_GATHER_INFO
2007-08-28 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1358.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:35:34
  • Multiple Updates