Asterisk IAX2 Unauthenticated Session Handling Remote Denial of Service Vulnerability

Vulnerability ID: 1184295    Vulnerability type: Authorization issue
Published: 2008-12-10    Updated: 2009-05-05
CVE ID: CVE-2008-5558    CNNVD ID: CNNVD-200812-307
Platform: N/A    CVSS score: 4.3
|Sources
https://www.securityfocus.com/bid/32773
https://cxsecurity.com/issue/WLB-2008120048
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-307
|Details
Asterisk is an open-source software PBX that supports a wide range of VoIP protocols and devices. If an Asterisk server is configured to use realtime IAX2 users, a broken function call into Asterisk's realtime configuration API can be reached. When an unknown user, or a user matched by hostname, attempts to authenticate, the Asterisk server crashes.
|Exploit
               Asterisk Project Security Advisory - AST-2008-012

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | Remote crash vulnerability in IAX2              |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Remote Crash                                    |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Unauthenticated Sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Major                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | November 22, 2008                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Jon Leren Schøpzinsky                           |
   |----------------------+-------------------------------------------------|
   |      Posted On       |                                                 |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | December 9, 2008                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Mark Michelson <mmichelson AT digium DOT com>   |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | There is a possibility to remotely crash an Asterisk     |
   |             | server if the server is configured to use realtime IAX2  |
   |             | users. The issue occurs if either an unknown user        |
   |             | attempts to authenticate or if a user that uses hostname |
   |             | matching attempts to authenticate.                       |
   |             |                                                          |
   |             | The problem was due to a broken function call to         |
   |             | Asterisk's realtime configuration API.                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Resolution    | The function calls in question have been fixed.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product             | Release Series |                     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.2.x      | 1.2.26-1.2.30.3     |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |      Asterisk Open Source       |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.2.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.4.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |         Asterisk Addons         |     1.6.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     A.x.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     B.x.x      | B.2.3.5-B.2.5.5     |
   |---------------------------------+----------------+---------------------|
   |    Asterisk Business Edition    |     C.x.x      | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |           AsteriskNOW           |      1.5       | Unaffected          |
   |---------------------------------+----------------+---------------------|
   |   s800i (Asterisk Appliance)    |     1.2.x      | Unaffected          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                   |          Release          |
   |--------------------------------------------+---------------------------|
   |            Asterisk Open Source            |         1.2.30.4          |
   |--------------------------------------------+---------------------------|
   |         Asterisk Business Edition          |          B.2.5.6          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2008-012.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2008-012.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |        Date        |     Editor      |         Revisions Made          |
   |--------------------+-----------------+---------------------------------|
   | November 23, 2008  | Mark Michelson  | Initial draft                   |
   |--------------------+-----------------+---------------------------------|
   | December 9, 2008   | Mark Michelson  | Added "Corrected In" versions   |
   +------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2008-012
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

|Affected products
Gentoo Linux
Asterisk Business Edition B.2.5.5
Asterisk Business Edition B.2.5.4
Asterisk Business Edition B.2.5.3
Asterisk Business Edition B.2.5.2
|References

Source: VUPEN
Name: ADV-2008-3403; Patch Information
Link: http://www.frsirt.com/english/advisories/2008/3403
Source: SECTRACK
Name: 1021378
Link: http://www.securitytracker.com/id?1021378
Source: BID
Name: 32773
Link: http://www.securityfocus.com/bid/32773
Source: BUGTRAQ
Name: 20081210 AST-2008-012: Remote crash vulnerability in IAX2
Link: http://www.securityfocus.com/archive/1/archive/1/499117/100/0/threaded
Source: SREASON
Name: 4769
Link: http://securityreason.com/securityalert/4769
Source: GENTOO
Name: GLSA-200905-01
Link: http://security.gentoo.org/glsa/glsa-200905-01.xml
Source: SECUNIA
Name: 34982
Link: http://secunia.com/advisories/34982
Source: SECUNIA
Name: 32956
Link: http://secunia.com/advisories/32956
Source: OSVDB
Name: 50675
Link: http://osvdb.org/50675
Source: downloads.digium.com
Link: http://downloads.digium.com/pub/security/AST-2008-012.html