SecurityvulnsSECURITYVULNS:DOC:17870AST-2007-020: Resource Exhaustion Vulnerability in Asterisk SIP channel driver
Asterisk Project Security Advisory - AST-2007-020
±-----------------------------------------------------------------------+
| Product | Asterisk |
|--------------------±--------------------------------------------------|
| Summary | Resource Exhaustion vulnerability in SIP channel |
| | driver |
|--------------------±--------------------------------------------------|
| Nature of Advisory | Denial of Service |
|--------------------±--------------------------------------------------|
| Susceptibility | Remote Unauthenticated Sessions |
|--------------------±--------------------------------------------------|
| Severity | Moderate |
|--------------------±--------------------------------------------------|
| Exploits Known | No |
|--------------------±--------------------------------------------------|
| Reported On | August 9, 2007 |
|--------------------±--------------------------------------------------|
| Reported By | Jon Moldenauer (bugs.digium.com user |
| | jmoldenhauer) |
|--------------------±--------------------------------------------------|
| Posted On | August 21, 2007 |
|--------------------±--------------------------------------------------|
| Last Updated On | August 21, 2007 |
|--------------------±--------------------------------------------------|
| Advisory Contact | Russell Bryant <[email protected]> |
|--------------------±--------------------------------------------------|
| CVE Name | CVE-2007-4455 |
±-----------------------------------------------------------------------+
±-----------------------------------------------------------------------+
| Description | The handling of SIP dialog history was broken during the |
| | development of Asterisk 1.4. Regardless of whether |
| | recording SIP dialog history is turned on or off, the |
| | history is still recorded in memory. Furthermore, there |
| | is no upper limit on how many history items will be |
| | stored for a given SIP dialog. |
| | |
| | It is possible for an attacker to use up all of the |
| | system's memory by creating a SIP dialog that records |
| | many entires in the history and never ends. It is also |
| | worth noting for the sake of doing the math to calculate |
| | what it would take to exploit this that each SIP history |
| | entry will take up a maximum of 88 bytes. |
±-----------------------------------------------------------------------+
±-----------------------------------------------------------------------+
| Resolution | The fix that has been added to chan_sip is to restore the |
| | functionality where SIP dialog history is not recorded in |
| | memory if it is not enabled. Furthermore, a maximum of 50 |
| | entires in the history will be stored for each dialog |
| | when recording history is turned on. |
| | |
| | The only way to avoid this problem in affected versions |
| | of Asterisk is to disable chan_sip. If chan_sip is being |
| | used, the system must be upgraded to a version that has |
| | this issue resolved. |
±-----------------------------------------------------------------------+
±-----------------------------------------------------------------------+
| Affected Versions |
|---|
| Product |
| ----------------------------------±------------±---------------------- |
| Asterisk Open Source |
| ----------------------------------±------------±---------------------- |
| Asterisk Open Source |
| ----------------------------------±------------±---------------------- |
| Asterisk Open Source |
| ----------------------------------±------------±---------------------- |
| Asterisk Business Edition |
| ----------------------------------±------------±---------------------- |
| Asterisk Business Edition |
| ----------------------------------±------------±---------------------- |
| AsteriskNOW |
| ----------------------------------±------------±---------------------- |
| Asterisk Appliance Developer Kit |
| ----------------------------------±------------±---------------------- |
| s800i (Asterisk Appliance) |
| ±-----------------------------------------------------------------------+ |
±-----------------------------------------------------------------------+
| Corrected In |
|---|
| Product |
| ---------------±------------------------------------------------------- |
| Asterisk Open |
| Source |
| ---------------±------------------------------------------------------- |
| AsteriskNOW |
| ---------------±------------------------------------------------------- |
| Asterisk |
| Appliance |
| Developer Kit |
| ---------------±------------------------------------------------------- |
| s800i |
| (Asterisk |
| Appliance) |
| ±-----------------------------------------------------------------------+ |
±-----------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=10421 |
| | |
| | http://bugs.digium.com/view.php?id=10418 |
±-----------------------------------------------------------------------+
±-----------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security. |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/asa/AST-2007-020.pdf and |
| http://downloads.digium.com/pub/asa/AST-2007-020.html. |
±-----------------------------------------------------------------------+
±-----------------------------------------------------------------------+
| Revision History |
|---|
| Date |
| ---------------------±-----------------------±------------------------ |
| August 21, 2007 |
| ±-----------------------------------------------------------------------+ |
Asterisk Project Security Advisory - AST-2007-020
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
Related
