[gentoo-announce] [ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities - gentoo-announce

From:	Raphael Marichez <falco@g.o>
To:	gentoo-announce@g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200610-15 ] Asterisk: Multiple vulnerabilities
Date:	Tue, 31 Oct 2006 11:49:49
Message-Id:	`20061030180246.GK27177@falco.falcal.net`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200610-15

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: High

8

     Title: Asterisk: Multiple vulnerabilities

9

      Date: October 30, 2006

10

      Bugs: #144941, #151881

11

        ID: 200610-15

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Asterisk is vulnerable to the remote execution of arbitrary code or a

19

Denial of Service.

20

21

Background

22

==========

23

24

Asterisk is an open source implementation of a telephone private branch

25

exchange (PBX).

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package            /  Vulnerable  /                    Unaffected

32

    -------------------------------------------------------------------

33

  1  net-misc/asterisk      < 1.2.13                         >= 1.2.13

34

35

Description

36

===========

37

38

Asterisk contains buffer overflows in channels/chan_mgcp.c from the

39

MGCP driver and in channels/chan_skinny.c from the Skinny channel

40

driver for Cisco SCCP phones. It also dangerously handles

41

client-controlled variables to determine filenames in the Record()

42

function. Finally, the SIP channel driver in channels/chan_sip.c could

43

use more resources than necessary under unspecified circumstances.

44

45

Impact

46

======

47

48

A remote attacker could execute arbitrary code by sending a crafted

49

audit endpoint (AUEP) response, by sending an overly large Skinny

50

packet even before authentication, or by making use of format strings

51

specifiers through the client-controlled variables. An attacker could

52

also cause a Denial of Service by resource consumption through the SIP

53

channel driver.

54

55

Workaround

56

==========

57

58

There is no known workaround for the format strings vulnerability at

59

this time. You can comment the lines in /etc/asterisk/mgcp.conf,

60

/etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the

61

three vulnerable channel drivers. Please note that the MGCP channel

62

driver is disabled by default.

63

64

Resolution

65

==========

66

67

All Asterisk users should upgrade to the latest version:

68

69

    # emerge --sync

70

    # emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.13"

71

72

References

73

==========

74

75

  [ 1 ] CVE-2006-4345

76

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345

77

  [ 2 ] CVE-2006-4346

78

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346

79

  [ 3 ] CVE-2006-5444

80

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444

81

  [ 4 ] CVE-2006-5445

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445

83

84

Availability

85

============

86

87

This GLSA and any updates to it are available for viewing at

88

the Gentoo Security Website:

89

90

  http://security.gentoo.org/glsa/glsa-200610-15.xml

91

92

Concerns?

93

=========

94

95

Security is a primary focus of Gentoo Linux and ensuring the

96

confidentiality and security of our users machines is of utmost

97

importance to us. Any security concerns should be addressed to

98

security@g.o or alternatively, you may file a bug at

99

http://bugs.gentoo.org.

100

101

License

102

=======

103

104

Copyright 2006 Gentoo Foundation, Inc; referenced text

105

belongs to its owner(s).

106

107

The contents of this document are licensed under the

108

Creative Commons - Attribution / Share Alike license.

109

110

http://creativecommons.org/licenses/by-sa/2.5

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200610-15
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: High
8	Title: Asterisk: Multiple vulnerabilities
9	Date: October 30, 2006
10	Bugs: #144941, #151881
11	ID: 200610-15
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Asterisk is vulnerable to the remote execution of arbitrary code or a
19	Denial of Service.
20
21	Background
22	==========
23
24	Asterisk is an open source implementation of a telephone private branch
25	exchange (PBX).
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 net-misc/asterisk < 1.2.13 >= 1.2.13
34
35	Description
36	===========
37
38	Asterisk contains buffer overflows in channels/chan_mgcp.c from the
39	MGCP driver and in channels/chan_skinny.c from the Skinny channel
40	driver for Cisco SCCP phones. It also dangerously handles
41	client-controlled variables to determine filenames in the Record()
42	function. Finally, the SIP channel driver in channels/chan_sip.c could
43	use more resources than necessary under unspecified circumstances.
44
45	Impact
46	======
47
48	A remote attacker could execute arbitrary code by sending a crafted
49	audit endpoint (AUEP) response, by sending an overly large Skinny
50	packet even before authentication, or by making use of format strings
51	specifiers through the client-controlled variables. An attacker could
52	also cause a Denial of Service by resource consumption through the SIP
53	channel driver.
54
55	Workaround
56	==========
57
58	There is no known workaround for the format strings vulnerability at
59	this time. You can comment the lines in /etc/asterisk/mgcp.conf,
60	/etc/asterisk/skinny.conf and /etc/asterisk/sip.conf to deactivate the
61	three vulnerable channel drivers. Please note that the MGCP channel
62	driver is disabled by default.
63
64	Resolution
65	==========
66
67	All Asterisk users should upgrade to the latest version:
68
69	# emerge --sync
70	# emerge --ask --oneshot --verbose ">=net-misc/asterisk-1.2.13"
71
72	References
73	==========
74
75	[ 1 ] CVE-2006-4345
76	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4345
77	[ 2 ] CVE-2006-4346
78	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4346
79	[ 3 ] CVE-2006-5444
80	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5444
81	[ 4 ] CVE-2006-5445
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5445
83
84	Availability
85	============
86
87	This GLSA and any updates to it are available for viewing at
88	the Gentoo Security Website:
89
90	http://security.gentoo.org/glsa/glsa-200610-15.xml
91
92	Concerns?
93	=========
94
95	Security is a primary focus of Gentoo Linux and ensuring the
96	confidentiality and security of our users machines is of utmost
97	importance to us. Any security concerns should be addressed to
98	security@g.o or alternatively, you may file a bug at
99	http://bugs.gentoo.org.
100
101	License
102	=======
103
104	Copyright 2006 Gentoo Foundation, Inc; referenced text
105	belongs to its owner(s).
106
107	The contents of this document are licensed under the
108	Creative Commons - Attribution / Share Alike license.
109
110	http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce