Register | Forget Password | Login
Search :
SecurityReason

News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research
WLB

WLB Database

Send to WLB

About WLB
RSS

News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP
Corporate

Contact

About us
Services

SecurePHP
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Details : SecurityAlert

  Topic : Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
  SecurityAlert : 3920
  CVE : CVE-2008-2119
  SecurityRisk : High  alert  (About)
  Remote Exploit : Yes
  Local Exploit : No
  Victim interaction required : No
  Exploit Given : No
  Credit : Asterisk Security Team
  Published : 05.06.2008

  Affected Software : SIP



  Advisory Text :  

Asterisk Project Security Advisory - AST-2008-008

+-----------------------------------------------------------------------
-+
| Product | Asterisk
|

|--------------------+--------------------------------------------------
-|
| Summary | Remote Crash Vulnerability in SIP channel driver
|
| | when run in pedantic mode
|

|--------------------+--------------------------------------------------
-|
| Nature of Advisory | Denial of Service
|

|--------------------+--------------------------------------------------
-|
| Susceptibility | Remote Unauthenticated Sessions
|

|--------------------+--------------------------------------------------
-|
| Severity | Critical
|

|--------------------+--------------------------------------------------
-|
| Exploits Known | No
|

|--------------------+--------------------------------------------------
-|
| Reported On | May 8, 2008
|

|--------------------+--------------------------------------------------
-|
| Reported By | Hooi Ng (bugs.digium.com user hooi)
|

|--------------------+--------------------------------------------------
-|
| Posted On | May 8, 2008
|

|--------------------+--------------------------------------------------
-|
| Last Updated On | June 3, 2008
|

|--------------------+--------------------------------------------------
-|
| Advisory Contact | Joshua Colp <jcolp (at) digium (dot) com [email
concealed]> |

|--------------------+--------------------------------------------------
-|
| CVE Name | CVE-2008-2119
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Description | During pedantic SIP processing the From header value is
|
| | passed to the ast_uri_decode function to be decoded. In
|
| | two instances it is possible for the code to cause a
|
| | crash as the From header value is not checked to be
|
| | non-NULL before being passed to the function.
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Resolution | The From header value is now copied into a buffer before
|
| | being passed to the ast_uri_decode function if pedantic
|
| | is enabled and in another instance it is checked to be
|
| | non-NULL before being passed.
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Affected Versions
|

|-----------------------------------------------------------------------
-|
| Product | Release |
|
| | Series |
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.0.x | All versions
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.2.x | All versions prior to
|
| | | 1.2.29
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Open Source | 1.4.x | Not Affected
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | A.x.x | All versions
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | B.x.x | All versions prior to
|
| | | B.2.5.3
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Business Edition | C.x.x | Not Affected
|

|-------------------------------+------------+--------------------------
-|
| AsteriskNOW | 1.0.x | Not Affected
|

|-------------------------------+------------+--------------------------
-|
| Asterisk Appliance Developer | 0.x.x | Not Affected
|
| Kit | |
|

|-------------------------------+------------+--------------------------
-|
| s800i (Asterisk Appliance) | 1.0.x | Not Affected
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Corrected In
|

|-----------------------------------------------------------------------
-|
| Product | Release
|

|---------------+-------------------------------------------------------
-|
| Asterisk Open | 1.2.29, available from
|
| Source | http://downloads.digium.com/pub/telephony/asterisk
|

|---------------+-------------------------------------------------------
-|
| Asterisk | B.2.5.3
|
| Business |
|
| Edition |
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Links | http://bugs.digium.com/view.php?id=12607
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Asterisk Project Security Advisories are posted at
|
| http://www.asterisk.org/security
|
|
|
| This document may be superseded by later versions; if so, the latest
|
| version will be posted at
|
| http://downloads.digium.com/pub/security/AST-2008-008.pdf and
|
| http://downloads.digium.com/pub/security/AST-2008-008.html
|

+-----------------------------------------------------------------------
-+

+-----------------------------------------------------------------------
-+
| Revision History
|

|-----------------------------------------------------------------------
-|
| Date | Editor | Revisions Made
|

|------------------+--------------------+-------------------------------
-|
| 2008-06-03 | Joshua Colp | Initial Release
|

+-----------------------------------------------------------------------
-+

Asterisk Project Security Advisory - AST-2008-008
Copyright (c) 2008 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in
its
original, unaltered form.





  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

*BSD libc (strfmon) Multiple vulnerabilities

high- 2008-03-25

Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected *BSD systems.
Apache rss

» Apache Tomcat information
   disclosure

» Apache Tomcat <=
   6.0.18 UTF8 Directory
   Traversal Vulnerability

» Apache Tomcat information
   disclosure vulnerability

» Apache Tomcat XSS
   vulnerability
PHP rss

» PHP 5.2.6 (error_log)
   safe_mode bypass

» PHP 5.2.6 chdir(),ftok()
   (standard ext) safe_mode
   bypass

» PHP 5.2.6 posix_access()
   (posix ext) safe_mode
   bypass

» PHP 5.2.5 and prior :
   *printf() functions
   Integer Overflow
Copyright © SecurityReason. All Rights Reserved.