Asterisk Project Security Advisory - ASA-2007-016
+-------------------------------------------------------------------------+
| Product            | Asterisk                                           |
|--------------------+----------------------------------------------------|
| Summary            | Remote crash vulnerability in Skinny channel       |
|                    | driver                                             |
|--------------------+----------------------------------------------------|
| Nature of Advisory | Denial of Service                                  |
|--------------------+----------------------------------------------------|
| Susceptibility     | Remote Unauthenticated Sessions                    |
|--------------------+----------------------------------------------------|
| Severity           | Critical                                           |
|--------------------+----------------------------------------------------|
| Exploits Known     | No                                                 |
|--------------------+----------------------------------------------------|
| Reported On        | July 13, 2007                                      |
|--------------------+----------------------------------------------------|
| Reported By        | Will Drewry, Google Security Team                  |
|--------------------+----------------------------------------------------|
| Posted On          | July 17, 2007                                      |
|--------------------+----------------------------------------------------|
| Last Updated On    | July 17, 2007                                      |
|--------------------+----------------------------------------------------|
| Advisory Contact   | Jason Parker <[email protected]>                    |
|--------------------+----------------------------------------------------|
| CVE Name           | CVE-2007-3764                                      |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Description | The Asterisk Skinny channel driver, chan_skinny, has a    |
|             | remotely exploitable crash vulnerability. A segfault can  |
|             | occur when Asterisk receives a packet where the claimed   |
|             | length of the data is between 0 and 3, followed by        |
|             | length + 4 or more bytes, due to an overly large memcpy.  |
|             | The side effects of this extremely large memcpy have not  |
|             | been investigated.                                        |
+-------------------------------------------------------------------------+
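To make the failure mode concrete, the following is an added example, not chan_skinny's own code: it reproduces the length arithmetic the advisory describes (a claimed data length of 0 to 3 that is reduced by the 4-byte message id before a memcpy, so the size wraps to a value near SIZE_MAX) and places a hardened frame parser beside it that rejects such a packet before any copy. The frame layout used here (little-endian 32-bit length, 32-bit reserved word, 4-byte message id), the buffer sizes, the function names and the two sample frames are all assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed Skinny (SCCP) framing for this example: an 8-byte header made of
 * a little-endian 32-bit data length and a 32-bit reserved word, followed
 * by the data, which itself starts with a 4-byte message id.  A well-formed
 * frame therefore always carries dlen >= 4.  The sizes below are this
 * example's assumptions, not chan_skinny's constants. */
#define SKINNY_HEADER_SIZE 8u
#define SKINNY_MSGID_SIZE  4u
#define SKINNY_MAX_PAYLOAD 1024u

struct skinny_frame {
    uint32_t dlen;                      /* claimed data length, includes msg id */
    uint32_t reserved;
    uint32_t msg_id;
    size_t payload_len;                 /* bytes after the message id */
    unsigned char payload[SKINNY_MAX_PAYLOAD];
};

static uint32_t rd_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The flawed size computation the advisory describes: the bytes after the
 * message id are counted as dlen - 4 with no check that dlen >= 4.  For a
 * claimed length of 0..3 the unsigned subtraction wraps to a value near
 * SIZE_MAX, and the memcpy that uses it runs off both buffers, which is
 * the crash.  Only the arithmetic is reproduced; no copy is performed. */
size_t vulnerable_copy_len(uint32_t dlen)
{
    return (size_t)dlen - SKINNY_MSGID_SIZE;   /* wraps when dlen < 4 */
}

/* Hardened framing: validate the claimed length before doing arithmetic
 * on it, bound it by the destination buffer, and never read past the bytes
 * actually received.  Returns 0 on success, -1 if the frame is malformed. */
int parse_skinny_frame(const unsigned char *buf, size_t buflen,
                       struct skinny_frame *out)
{
    if (buflen < SKINNY_HEADER_SIZE + SKINNY_MSGID_SIZE)
        return -1;                              /* header or msg id missing */

    uint32_t dlen = rd_le32(buf);
    if (dlen < SKINNY_MSGID_SIZE)
        return -1;                              /* the check that was missing */
    if (dlen - SKINNY_MSGID_SIZE > SKINNY_MAX_PAYLOAD)
        return -1;                              /* larger than our buffer */
    if ((size_t)dlen + SKINNY_HEADER_SIZE > buflen)
        return -1;                              /* claims more than arrived */

    out->dlen = dlen;
    out->reserved = rd_le32(buf + 4);
    out->msg_id = rd_le32(buf + SKINNY_HEADER_SIZE);
    out->payload_len = dlen - SKINNY_MSGID_SIZE;   /* safe: dlen >= 4 here */
    memcpy(out->payload, buf + SKINNY_HEADER_SIZE + SKINNY_MSGID_SIZE,
           out->payload_len);
    return 0;
}

/* Constructed sample frames for this example, not captured traffic. */

/* The trigger shape from the advisory: claimed length 2, then 2 + 4 bytes. */
const unsigned char skinny_bad_frame[] = {
    0x02, 0x00, 0x00, 0x00,   /* dlen = 2 (between 0 and 3) */
    0x00, 0x00, 0x00, 0x00,   /* reserved */
    0x00, 0x00, 0x00, 0x00,   /* four bytes where the message id would sit */
    0x41, 0x41                /* two more bytes: dlen + 4 in total */
};
const size_t skinny_bad_frame_len = sizeof(skinny_bad_frame);

/* A well-formed frame: dlen = 8, message id 0x0000 (KeepAlive), 4 data bytes. */
const unsigned char skinny_good_frame[] = {
    0x08, 0x00, 0x00, 0x00,   /* dlen = 8 */
    0x00, 0x00, 0x00, 0x00,   /* reserved */
    0x00, 0x00, 0x00, 0x00,   /* message id */
    0xde, 0xad, 0xbe, 0xef    /* payload */
};
const size_t skinny_good_frame_len = sizeof(skinny_good_frame);

int main(void)
{
    struct skinny_frame f;

    printf("flawed dlen - 4 for dlen = 2: %zu\n", vulnerable_copy_len(2));
    printf("bad frame:  %s\n",
           parse_skinny_frame(skinny_bad_frame, skinny_bad_frame_len, &f) == 0
               ? "accepted" : "rejected");
    if (parse_skinny_frame(skinny_good_frame, skinny_good_frame_len, &f) == 0)
        printf("good frame: msg_id=0x%08x payload_len=%zu\n",
               (unsigned)f.msg_id, f.payload_len);
    return 0;
}
```

The three rejections in parse_skinny_frame are ordered deliberately: the lower bound on dlen comes first so that the later subtraction cannot wrap, the upper bound protects the destination buffer, and the comparison against buflen prevents a read beyond what the socket actually delivered.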
+-------------------------------------------------------------------------+
| Resolution  | All users that have chan_skinny enabled should upgrade to |
|             | the appropriate version listed in the Corrected In        |
|             | section of this advisory. As a workaround, users who do   |
|             | not require chan_skinny may add the line "noload =>       |
|             | chan_skinny.so" (without quotes) to                       |
|             | /etc/asterisk/modules.conf and restart Asterisk. Until    |
|             | the fix is deployed, the Skinny listener (TCP port 2000   |
|             | by default) should be reachable only from trusted phone   |
|             | networks, since the crash requires no authentication.     |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
|                            Affected Versions                            |
|-------------------------------------------------------------------------|
| Product                                                                 |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
|-------------------------------------------------------------------------|
| Asterisk Business Edition                                               |
|-------------------------------------------------------------------------|
| Asterisk Business Edition                                               |
|-------------------------------------------------------------------------|
| AsteriskNOW                                                             |
|-------------------------------------------------------------------------|
| Asterisk Appliance Developer Kit                                        |
|-------------------------------------------------------------------------|
| s800i (Asterisk Appliance)                                              |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
|                              Corrected In                               |
|-------------------------------------------------------------------------|
| Product                                                                 |
|-------------------------------------------------------------------------|
| Asterisk Open Source                                                    |
|-------------------------------------------------------------------------|
| Asterisk Business Edition                                               |
|-------------------------------------------------------------------------|
| AsteriskNOW                                                             |
|-------------------------------------------------------------------------|
| Asterisk Appliance Developer Kit                                        |
|-------------------------------------------------------------------------|
| s800i (Asterisk Appliance)                                              |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Links       |                                                           |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                      |
| http://www.asterisk.org/security.                                       |
|                                                                         |
| This document may be superseded by later versions; if so, the latest    |
| version will be posted at                                               |
| http://ftp.digium.com/pub/asa/ASA-2007-016.pdf.                         |
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
|                            Revision History                             |
|-------------------------------------------------------------------------|
| Date                                                                    |
|-------------------------------------------------------------------------|
| July 17, 2007                                                           |
+-------------------------------------------------------------------------+
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.