Asterisk IAX2 Remote Memory Corruption Vulnerability

Vulnerability ID: 1194650    Vulnerability type: Buffer overflow
Published: 2006-06-06    Updated: 2006-07-28
CVE ID: CVE-2006-2898    CNNVD-ID: CNNVD-200606-166
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/18295
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-166
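|Vulnerability details
Asterisk is an open-source software PBX that supports a variety of VoIP protocols and devices. Asterisk's implementation of IAX message parsing contains a memory corruption vulnerability that a remote attacker may be able to exploit to execute arbitrary instructions on the server.

All IAX protocol communication relies on port 4569/UDP. The protocol uses 15-bit identifiers to multiplex several IAX2 streams over the same UDP port. IAX2 messages are called frames, and the iax2.h header file in the Asterisk source package defines several basic frame types.

An IAX2 full frame uses the following 12-byte header:

    struct ast_iax2_full_hdr {
        unsigned short scallno;    /* Source call number -- high bit must be 1 */
        unsigned short dcallno;    /* Destination call number -- high bit is 1 if retransmission */
        unsigned int ts;           /* 32-bit timestamp in milliseconds (from 1st transmission) */
        unsigned char oseqno;      /* Packet number (outgoing) */
        unsigned char iseqno;      /* Packet number (next incoming expected) */
        unsigned char type;        /* Frame type */
        unsigned char csub;        /* Compressed subclass */
        unsigned char iedata[0];
    } __attribute__ ((__packed__));

An IAX2 mini-frame uses a 4-byte header:

    struct ast_iax2_mini_hdr {
        unsigned short callno;     /* Source call number -- high bit must be 0, rest must be non-zero */
        unsigned short ts;         /* 16-bit Timestamp (high 16 bits from last ast_iax2_full_hdr) */
                                   /* Frametype implicitly VOICE_FRAME */
                                   /* subclass implicit from last ast_iax2_full_hdr */
        unsigned char data[0];
    } __attribute__ ((__packed__));

The following 6-byte header is used to support video frames: struct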
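
The header sizes and call-number rules above translate into a length check that a receiver must pass before it reads any header field. The following is an added example, not code from Asterisk or from the advisory. The names `iax2_classify` and `struct iax2_view` are hypothetical, fields are read in network byte order, and datagrams whose first 16 bits are zero are rejected because the description of the 6-byte video header is cut off on this page.

```c
#include <stddef.h>
#include <stdint.h>

/* Header sizes as stated in the advisory text above. */
#define IAX2_FULL_HDR_LEN 12
#define IAX2_MINI_HDR_LEN 4

enum iax2_kind { IAX2_REJECT = 0, IAX2_FULL, IAX2_MINI };

/* Hypothetical result type for this example (not an Asterisk structure). */
struct iax2_view {
    enum iax2_kind kind;
    uint16_t callno;         /* 15-bit source call number */
    uint32_t ts;             /* 32-bit (full) or 16-bit (mini) timestamp */
    const uint8_t *payload;  /* bytes after the header */
    size_t payload_len;
};

/* Read a 16-bit big-endian (network order) value. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify a UDP datagram and expose header fields only after the
 * datagram has been shown to be long enough to contain them. */
struct iax2_view iax2_classify(const uint8_t *buf, size_t len)
{
    struct iax2_view v = { IAX2_REJECT, 0, 0, NULL, 0 };
    size_t need;

    if (buf == NULL || len < 2)       /* cannot even read the call number */
        return v;
    uint16_t first = rd16(buf);
    if (first & 0x8000)               /* high bit 1: full frame */
        need = IAX2_FULL_HDR_LEN;
    else if (first != 0)              /* high bit 0, rest non-zero: mini-frame */
        need = IAX2_MINI_HDR_LEN;
    else                              /* zero first word: not handled here */
        return v;
    if (len < need)                   /* truncated header: drop the datagram */
        return v;

    v.kind = (need == IAX2_FULL_HDR_LEN) ? IAX2_FULL : IAX2_MINI;
    v.callno = first & 0x7fff;
    v.ts = (v.kind == IAX2_FULL)
         ? (((uint32_t)rd16(buf + 4) << 16) | rd16(buf + 6))
         : rd16(buf + 2);
    v.payload = buf + need;
    v.payload_len = len - need;       /* cannot underflow: len >= need */
    return v;
}
```
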
|Affected products
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
|References

Source: BID
Name: 18295
Link: http://www.securityfocus.com/bid/18295
Source: BUGTRAQ
Name: 20060606 Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix
Link: http://www.securityfocus.com/archive/1/archive/1/436127/100/0/threaded
Source: VUPEN
Name: ADV-2006-2181
Link: http://www.frsirt.com/english/advisories/2006/2181
Source: SECTRACK
Name: 1016236
Link: http://securitytracker.com/id?1016236
Source: SECUNIA
Name: 20497
Link: http://secunia.com/advisories/20497
Source: BUGTRAQ
Name: 20060609 CORE-2006-0330: Asterisk PBX truncated video frame vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/436671/100/0/threaded
Source: SUSE
Name: SUSE-SR:2006:015
Link: http://www.novell.com/linux/security/advisories/2006_38_security.html
Source: GENTOO
Name: GLSA-200606-15
Link: http://www.gentoo.org/security/en/glsa/glsa-200606-15.xml
Source: DEBIAN
Name: DSA-1126
Link: http://www.debian.org/security/2006/dsa-1126
Source: www.asterisk.org
Link: http://www.asterisk.org/node/95
Source: SECUNIA
Name: 21222
Link: http://secunia.com/advisories/21222
Source: SECUNIA
Name: 20899
Link: http://secunia.com/advisories/20899
Source: