Topic : Crash from transfer using BYE with Also header

SecurityAlert : 3520
CVE : CVE-2008-0095
SecurityRisk : Low
Remote Exploit : Yes
Local Exploit : No
Exploit Available : No
Credit : Joshua Colp
Published : 08.01.2008
Affected Software :
- Asterisk, Open Source, 1.4.16, and previous
- Asterisk, Asterisk Business Edition, C.1.0beta7, and previous
- Asterisk, Asterisk Appliance Developer Kit, 1.4_revision_95945, and previous
- Asterisk, AsteriskNOW, Beta 6, and previous
- Asterisk, S800i, 1.0.3.3, and previous
Advisory Content :

Asterisk Project Security Advisory - AST-2008-001

+---------------------+----------------------------------------------------+
| Product             | Asterisk                                           |
|---------------------+----------------------------------------------------|
| Summary             | Remote Crash Vulnerability in SIP channel driver   |
|---------------------+----------------------------------------------------|
| Nature of Advisory  | Denial of Service                                  |
|---------------------+----------------------------------------------------|
| Susceptibility      | Remote Unauthenticated Sessions                    |
|---------------------+----------------------------------------------------|
| Severity            | Critical                                           |
|---------------------+----------------------------------------------------|
| Exploits Known      | No                                                 |
|---------------------+----------------------------------------------------|
| Reported On         | December 26, 2007                                  |
|---------------------+----------------------------------------------------|
| Reported By         | Grey VoIP (bugs.digium.com user greyvoip)          |
|---------------------+----------------------------------------------------|
| Posted On           | January 2, 2008                                    |
|---------------------+----------------------------------------------------|
| Last Updated On     | January 2, 2008                                    |
|---------------------+----------------------------------------------------|
| Advisory Contact    | Joshua Colp <jcolp (at) digium (dot) com>          |
|---------------------+----------------------------------------------------|
| CVE Name            |                                                    |
+---------------------+----------------------------------------------------+

+--------------------------------------------------------------------------+
| Description | The handling of the BYE with Also transfer method was      |
|             | broken during the development of Asterisk 1.4. If a       |
|             | transfer attempt is made using this method the system     |
|             | will immediately crash upon handling the BYE message due  |
|             | to trying to copy data into a NULL pointer. It is         |
|             | important to note that a dialog must have already been    |
|             | established and up in order for this to happen.           |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Resolution  | A fix has been added so that the BYE with Also transfer   |
|             | method now properly allocates and uses the transfer data  |
|             | structure. It will no longer try to copy data into a NULL |
|             | pointer and will operate properly.                        |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Affected Versions                                                        |
|--------------------------------------------------------------------------|
| Product                    | Release     |                               |
|                            | Series      |                               |
|----------------------------+-------------+-------------------------------|
| Asterisk Open Source       | 1.0.x       | Unaffected                    |
|----------------------------+-------------+-------------------------------|
| Asterisk Open Source       | 1.2.x       | Unaffected                    |
|----------------------------+-------------+-------------------------------|
| Asterisk Open Source       | 1.4.x       | All versions prior to         |
|                            |             | 1.4.17                        |
|----------------------------+-------------+-------------------------------|
| Asterisk Business Edition  | A.x.x       | Unaffected                    |
|----------------------------+-------------+-------------------------------|
| Asterisk Business Edition  | B.x.x       | Unaffected                    |
|----------------------------+-------------+-------------------------------|
| Asterisk Business Edition  | C.x.x       | All versions prior to         |
|                            |             | C.1.0-beta8                   |
|----------------------------+-------------+-------------------------------|
| AsteriskNOW                | pre-release | All versions prior to         |
|                            |             | beta7                         |
|----------------------------+-------------+-------------------------------|
| Asterisk Appliance         | SVN         | All versions prior to         |
| Developer Kit              |             | Asterisk 1.4 revision 95946   |
|----------------------------+-------------+-------------------------------|
| s800i (Asterisk Appliance) | 1.0.x       | All versions prior to         |
|                            |             | 1.0.3.4                       |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Corrected In                                                             |
|--------------------------------------------------------------------------|
| Product       | Release                                                  |
|---------------+----------------------------------------------------------|
| Asterisk Open | 1.4.17, available from                                   |
| Source        | http://downloads.digium.com/pub/telephony/asterisk       |
|---------------+----------------------------------------------------------|
| Asterisk      | C.1.0                                                    |
| Business      |                                                          |
| Edition       |                                                          |
|---------------+----------------------------------------------------------|
| AsteriskNOW   | Beta7, available from http://www.asterisknow.org/.       |
|               |                                                          |
|               | Beta5 and Beta6 users can update using the system        |
|               | update feature in the appliance control panel.           |
|---------------+----------------------------------------------------------|
| Asterisk      | Asterisk 1.4 revision 95946. Available by performing     |
| Appliance     | an svn update of the AADK tree.                          |
| Developer Kit |                                                          |
|---------------+----------------------------------------------------------|
| s800i         | 1.0.3.4                                                  |
| (Asterisk     |                                                          |
| Appliance)    |                                                          |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=11637                         |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                       |
| http://www.asterisk.org/security                                         |
|                                                                          |
| This document may be superseded by later versions; if so, the latest     |
| version will be posted at                                                |
| http://downloads.digium.com/pub/security/AST-2008-001.pdf and            |
| http://downloads.digium.com/pub/security/AST-2008-001.html               |
+--------------------------------------------------------------------------+

+--------------------------------------------------------------------------+
| Revision History                                                         |
|--------------------------------------------------------------------------|
| Date       | Editor      | Revisions Made                                |
|------------+-------------+-----------------------------------------------|
| 2008-01-02 | Joshua Colp | Initial Release                               |
+------------+-------------+-----------------------------------------------+
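A constructed C model of the failure the description names (copying the transfer target into a transfer record that was never allocated, so the pointer is still NULL on an established dialog) beside the allocate-before-use handling the resolution describes. This is an added example, not Asterisk's chan_sip code; the `dialog` and `transfer_data` structures, the `sip_header` parser and the two handler names are assumptions, and the sample BYE message in the test is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Constructed model of the AST-2008-001 bug class; not Asterisk's chan_sip code. */
struct transfer_data { char target[128]; };                  /* hypothetical record */
struct dialog { int established; struct transfer_data *transfer; }; /* hypothetical */

/* Copy the value of header `name` (case-insensitive) from a raw SIP message into
 * out; return 1 if the header is present, 0 otherwise. */
static int sip_header(const char *msg, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    for (const char *p = msg; *p; ) {
        const char *eol = strpbrk(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        if (linelen > nlen && strncasecmp(p, name, nlen) == 0 && p[nlen] == ':') {
            const char *v = p + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            size_t vlen = (size_t)(p + linelen - v);
            if (vlen >= outlen) vlen = outlen - 1;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p += linelen;
        while (*p == '\r' || *p == '\n') p++;
    }
    return 0;
}

/* Broken handler (shown only, never called): the transfer record is never
 * allocated, so on an established dialog d->transfer is NULL and the copy
 * writes through a NULL pointer, which is the crash the advisory describes. */
int handle_bye_also_broken(struct dialog *d, const char *also)
{
    strncpy(d->transfer->target, also, sizeof d->transfer->target - 1);
    return 0;
}

/* Fixed handler: allocate the record before using it and fail cleanly when the
 * request is not a BYE with an Also header or when allocation fails.
 * Returns 0 on success, -1 otherwise. */
int handle_bye_also_fixed(struct dialog *d, const char *msg)
{
    char also[128];
    if (strncmp(msg, "BYE ", 4) != 0 || !sip_header(msg, "Also", also, sizeof also))
        return -1;
    if (!d->transfer && !(d->transfer = calloc(1, sizeof *d->transfer)))
        return -1;
    snprintf(d->transfer->target, sizeof d->transfer->target, "%s", also);
    return 0;
}
```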
Asterisk Project Security Advisory - AST-2008-001
Copyright (c) 2007 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.