SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (VoIP)  >   Asterisk Vendors:   Digium (Linux Support Services)
Asterisk Milliwatt Application Lets Remote Users Deny Service
SecurityTracker Alert ID:  1026812
SecurityTracker URL:  http://securitytracker.com/id/1026812
CVE Reference:   CVE-2012-1183   (Links to External Site)
Updated:  Mar 16 2012
Original Entry Date:  Mar 16 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.4.x, 1.6.2.x, 1.8.x, 10.x
Description:   A vulnerability was reported in Asterisk in the Milliwatt Application. A remote user can cause denial of service conditions.

A remote user can send specially crafted data to cause the target service to crash.

Systems using the Milliwatt application are affected.

Russell Bryant reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.
Solution:   The vendor has issued a fix (1.4.44, 1.6.2.23, 1.8.10.1, 10.2.1).

The vendor's advisory is available at:

http://downloads.asterisk.org/pub/security/AST-2012-002.html

Vendor URL:  downloads.asterisk.org/pub/security/AST-2012-002.html (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] AST-2012-002: Remote Crash Vulnerability in Milliwatt Application

               Asterisk Project Security Advisory - AST-2012-002

         Product        Asterisk                                              
         Summary        Remote Crash Vulnerability in Milliwatt Application   
    Nature of Advisory  Exploitable Stack Buffer Overflow with locally        
                        defined data                                          
      Susceptibility    Remote Unauthenticated Sessions                       
         Severity       Minor                                                 
      Exploits Known    No                                                    
       Reported On      03/14/2012                                            
       Reported By      Russell Bryant                                        
        Posted On       03/15/2012                                            
     Last Updated On    March 15, 2012                                        
     Advisory Contact   Matt Jordan <mjordan AT digium DOT com>               
         CVE Name       

    Description  An attacker can cause Asterisk to crash in one of two ways:  
                                                                              
                 1. A dialplan uses the Milliwatt application with 'o'        
                 option                                                       
                                                                              
                 2. The internal_timing opion in asterisk.conf is off         
                                                                              
                 3. The attacker sends a large audio packet. The number of    
                 samples in the audio packet determines the number of         
                 internal data samples that are copied into the buffer. This  
                 overruns the buffer, potentially causing a crash.            
                                                                              
                 OR                                                           
                                                                              
                 1. A diaplan uses the Milliwatt application with the 'o'     
                 option                                                       
                                                                              
                 2. The attacker negotiates a media format with a sampling    
                 rate greater than 32kHz. The application will attempt to     
                 generate an audio packet using the sample rate of the        
                 negotiated format, where the sample rate will require a      
                 number of data points greater then the size of the buffer.   
                 Again, the the application copies a number of internal data  
                 samples into the buffer that are greater then the size of    
                 the buffer, potentially causing a crash.                     
                                                                              
                 Note that the latter attack vector is only possible in       
                 Asterisk 10, as it supports codecs with a sample rate        
                 greater then 32kHz.                                          

    Resolution  Upgrade to one of the versions of Asterisk listed in the      
                "Corrected In" section, or apply a patch specified in the     
                "Patches" section.                                            

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source            1.4.x       All Versions             
         Asterisk Open Source           1.6.2.x      All Versions             
         Asterisk Open Source            1.8.x       All Versions             
         Asterisk Open Source             10.x       All Versions             

                                  Corrected In 
                     Product                              Release             
              Asterisk Open Source                        1.4.44              
              Asterisk Open Source                       1.6.2.23             
              Asterisk Open Source                       1.8.10.1             
              Asterisk Open Source                        10.2.1              

                                     Patches                          
                                SVN URL                               Revision 
   http://downloads.asterisk.org/pub/security/AST-2012-002-1.4.diff   v1.4     
   http://downloads.asterisk.org/pub/security/AST-2012-002-1.6.2.diff v1.6.2   
   http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff   v1.8     
   http://downloads.asterisk.org/pub/security/AST-2012-002-10.diff    v10      

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-19541       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at http://downloads.digium.com/pub/security/.pdf   
    and http://downloads.digium.com/pub/security/.html                        

                                Revision History
          Date                  Editor                 Revisions Made         
    03/15/2012         Matt Jordan               Initial Release              

               Asterisk Project Security Advisory - AST-2012-002
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC