Asterisk Malformed MIME Body Remote Denial of Service Vulnerability

Vulnerability ID: 1189296    Vulnerability type: Other
Published: 2007-08-24    Updated: 2007-08-31
CVE: CVE-2007-4521    CNNVD ID: CNNVD-200708-449
Platform: N/A    CVSS score: 5.0
|Vulnerability sources
https://www.securityfocus.com/bid/25438
https://cxsecurity.com/issue/WLB-2007080130
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200708-449
|Vulnerability details
Asterisk is an open-source software PBX that supports a wide range of VoIP protocols and devices. Asterisk has a vulnerability in its handling of malformed MIME data that a remote attacker could exploit to make the device unavailable. If Asterisk is configured to use IMAP as the backend storage for its voicemail, an e-mail with a malformed MIME body sent to a user causes Asterisk to crash when that user listens to voicemail over the phone.
|Vulnerability EXP
              Asterisk Project Security Advisory - AST-2007-021

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Crash from invalid/corrupted MIME bodies when     |
   |                    | using voicemail with IMAP storage                 |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Crash                                             |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | minor                                             |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 23, 2007                                   |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Kevin Stewart                                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | August 24, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 24, 2007                                   |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Mark Michelson <mmichelson (at) digium (dot) com> |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-4521                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | If Asterisk is configured to use IMAP as its backend     |
   |             | storage for voicemail, then an e-mail sent to a user     |
   |             | with an invalid/corrupted MIME body will cause Asterisk  |
   |             | to crash when the user listens to their voicemail using  |
   |             | the phone.                                               |
   |             |                                                          |
   |             | This does not affect any other voicemail storage option, |
   |             | nor does it affect users who check their voicemail via   |
   |             | e-mail when using IMAP storage.                          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Since this is a minor issue, a new release is not         |
   |            | immediately planned. However, the issue will be fixed in  |
   |            | Asterisk Open Source version 1.4.12 when it is released.  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product             |   Release   |                         |
   |                                |   Series    |                         |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.0.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.2.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |      Asterisk Open Source      |    1.4.x    | Versions 1.4.5 - 1.4.11 |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    A.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |   Asterisk Business Edition    |    B.x.x    | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |          AsteriskNOW           | pre-release | Not Affected            |
   |--------------------------------+-------------+-------------------------|
   |  Asterisk Appliance Developer  |    0.x.x    | Not Affected            |
   |              Kit               |             |                         |
   |--------------------------------+-------------+-------------------------|
   |   s800i (Asterisk Appliance)   |    1.0.x    | Not Affected            |
   +------------------------------------------------------------------------+

+-----------------------------------------------------------------------------------+
|                                   Corrected In                                    |
|-----------------------------------------------------------------------------------|
|Product |                                 Release                                  |
|--------+--------------------------------------------------------------------------|
|Asterisk|             1.4.12 (not released), patch can be found here:              |
|  Open  |http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html|
| Source |                                                                          |
+-----------------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |      Links       | http://bugs.digium.com/view.php?id=10544            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security.                                      |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/asa/AST-2007-021.pdf and               |
   | http://downloads.digium.com/pub/asa/AST-2007-021.html.                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |         Date         |       Editor        |      Revisions Made       |
   |----------------------+---------------------+---------------------------|
   | August 24, 2007      | Mark Michelson      | Initial Release           |
   +------------------------------------------------------------------------+

Asterisk Project Security Advisory - AST-2007-021
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

|Affected products
Asterisk Asterisk 1.4.11 Asterisk Asterisk 1.4.10 Asterisk Asterisk 1.4.9 Asterisk Asterisk 1.4.8 Asterisk Asterisk 1.4.7 Asterisk Asterisk 1.4.6 Asteris
|References

Source: SECTRACK
Name: 1018606
Link: http://www.securitytracker.com/id?1018606
Source: BID
Name: 25438
Link: http://www.securityfocus.com/bid/25438
Source: BUGTRAQ
Name: 20070824 AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage
Link: http://www.securityfocus.com/archive/1/archive/1/477729/100/0/threaded
Source: SECUNIA
Name: 26602
Link: http://secunia.com/advisories/26602
Source: SECUNIA
Name: 26601
Link: http://secunia.com/advisories/26601
Source: downloads.digium.com
Link: http://downloads.digium.com/pub/asa/AST-2007-021.html
Source: XF
Name: asterisk-mime-body-dos(36261)
Link: http://xforce.iss.net/xforce/xfdb/36261
Source: VUPEN
Name: ADV-2007-2978
Link: http://www.frsirt.com/english/advisories/2007/2978
Source: SREASON
Name: 3065
Link: http://securityreason.com/securityalert/3065