Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25797
HistoryFeb 26, 2011 - 12:00 a.m.

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

2011-02-2600:00:00
vulners.com
18
JSON
           Asterisk Project Security Advisory - AST-2011-002

    Product       Asterisk                                                
    Summary       Multiple array overflow and crash vulnerabilities in    
                  UDPTL code

Nature of Advisory Exploitable Stack and Heap Array Overflows
Susceptibility Remote Unauthenticated Sessions
Severity Critical
Exploits Known No
Reported On January 27, 2011
Reported By Matthew Nicholson
Posted On February 21, 2011
Last Updated On February 21, 2011
Advisory Contact Matthew Nicholson <[email protected]>
CVE Name

Description When decoding UDPTL packets, multiple stack and heap based
arrays can be made to overflow by specially crafted packets.
Systems doing T.38 pass through or termination are vulnerable.

Resolution The UDPTL decoding routines have been modified to respect the
limits of exploitable arrays.

          In asterisk versions not containing the fix for this issue,     
          disabling T.38 support will prevent this vulnerability from     
          being exploited. T.38 support can be disabled in chan_sip by    
          setting the t38pt_udptl option to &quot;no&quot; &#40;it is off by default&#41;.  
                                                                          
          t38pt_udptl = no                                                
                                                                          
          The chan_ooh323 module should also be disabled by adding the    
          following line in modles.conf.                                  
                                                                          
          noload =&gt; chan_ooh323                                           

                           Affected Versions
            Product              Release Series 
     Asterisk Open Source            1.4.x      All versions              
     Asterisk Open Source            1.6.x      All versions              
   Asterisk Business Edition         C.x.x      All versions              
          AsteriskNOW                 1.5       All versions              
  s800i &#40;Asterisk Appliance&#41;         1.2.x      All versions              

                              Corrected In
          Product                               Release                   
    Asterisk Open Source        1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4   
 Asterisk Business Edition                      C.3.6.3                   

                                Patches                            
                               URL                                 Branch

http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff 1.4
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff 1.6.1
http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff 1.6.2
http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff 1.8

      Links

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2011-002.pdf and
http://downloads.digium.com/pub/security/AST-2011-002.html

                            Revision History
    Date                Editor                    Revisions Made

02/21/11 Matthew Nicholson Initial Release

           Asterisk Project Security Advisory - AST-2011-002
          Copyright &#40;c&#41; 2011 Digium, Inc. All Rights Reserved.

Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

JSON