Asterisk JPEG File Handling Integer Overflow Vulnerability

Bugtraq ID:	17561
Class:	Boundary Condition Error
CVE:	CVE-2006-1827
Remote:	Yes
Local:	No
Published:	Apr 17 2006 12:00AM
Updated:	Dec 05 2006 04:09PM
Credit:	Discovery is credited to Cipher.
Vulnerable:	S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Asterisk Asterisk 1.2.6 Asterisk Asterisk 1.2 .0-beta2 Asterisk Asterisk 1.2 .0-beta1 Asterisk Asterisk 1.0.9 Asterisk Asterisk 1.0.8 Asterisk Asterisk 1.0.7 Asterisk Asterisk 0.9 .0 Asterisk Asterisk 0.7.2 Asterisk Asterisk 0.7.1 Asterisk Asterisk 0.7 .0 Asterisk Asterisk 0.4 Asterisk Asterisk 0.3 Asterisk Asterisk 0.2 Asterisk Asterisk 0.1.9 -1 Asterisk Asterisk 0.1.9 Asterisk Asterisk 0.1.8 Asterisk Asterisk 0.1.7
Not Vulnerable:	Asterisk Asterisk 1.2.7

Asterisk JPEG File Handling Integer Overflow Vulnerability

Asterisk is prone to an integer-overflow vulnerability.

This issue arises when the application handles a malformed JPEG file.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application.

Asterisk JPEG File Handling Integer Overflow Vulnerability


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Asterisk JPEG File Handling Integer Overflow Vulnerability

Solution:


A fix is available. Please see the referenced vendor advisories for further information.


Asterisk Asterisk 0.1.7

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.1.8

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.1.9

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.1.9 -1

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.2

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.3

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.4

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.7 .0

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.7.1

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.7.2

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 0.9 .0

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 1.0.7

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz


• Debian asterisk-config_1.0.7.dfsg.1-2sarge2_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-confi g_1.0.7.dfsg.1-2sarge2_all.deb


• Debian asterisk-dev_1.0.7.dfsg.1-2sarge2_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-dev_1 .0.7.dfsg.1-2sarge2_all.deb


• Debian asterisk-doc_1.0.7.dfsg.1-2sarge2_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-doc_1 .0.7.dfsg.1-2sarge2_all.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_alpha.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_amd64.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_arm.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_hppa.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_i386.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_ia64.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_m68k.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_mips.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_mipsel.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_powerpc.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_s390.deb


• Debian asterisk-gtk-console_1.0.7.dfsg.1-2sarge2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-gtk-c onsole_1.0.7.dfsg.1-2sarge2_sparc.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_alpha.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_amd64.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_arm.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_hppa.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_i386.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_ia64.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_m68k.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_mips.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_mipsel.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_powerpc.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_s390.deb


• Debian asterisk-h323_1.0.7.dfsg.1-2sarge2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-h323_ 1.0.7.dfsg.1-2sarge2_sparc.deb


• Debian asterisk-sounds-main_1.0.7.dfsg.1-2sarge2_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-sound s-main_1.0.7.dfsg.1-2sarge2_all.deb


• Debian asterisk-web-vmail_1.0.7.dfsg.1-2sarge2_all.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk-web-v mail_1.0.7.dfsg.1-2sarge2_all.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_alpha.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_amd64.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_arm.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_hppa.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_i386.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_ia64.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_m68k.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_mips.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_mipsel.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_powerpc.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_s390.deb


• Debian asterisk_1.0.7.dfsg.1-2sarge2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/a/asterisk/asterisk_1.0.7 .dfsg.1-2sarge2_sparc.deb

Asterisk Asterisk 1.0.8

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 1.0.9

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 1.2 .0-beta1

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 1.2 .0-beta2

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk Asterisk 1.2.6

• Asterisk asterisk-1.2.7-patch.gz
  http://ftp.digium.com/pub/asterisk/releases/asterisk-1.2.7-patch.gz

Asterisk JPEG File Handling Integer Overflow Vulnerability

References:

• Asterisk Codec Integer Overflow 07-04-2006 (Cipher)
  
• Asterisk Homepage (Asterisk)