Asterisk IAX2 Remote Buffer Overflow Vulnerability
BID:18295
CVE-2006-2898 |Info
Asterisk IAX2 Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 18295 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-2898 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 06 2006 12:00AM |
| Updated: | Jul 28 2006 04:42PM |
| Credit: | Damian Saura, Alejandro Lozanoff, Eduardo Koch, Norberto Kueffner and Ivan Arce from Core Security Technologies discovered this vulnerability. |
| Vulnerable: |
S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 10.1 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Asterisk Asterisk 1.2.8 Asterisk Asterisk 1.2.7 Asterisk Asterisk 1.2.6 Asterisk Asterisk 1.2 .0-beta2 Asterisk Asterisk 1.2 .0-beta1 Asterisk Asterisk 1.0.10 Asterisk Asterisk 1.0.9 Asterisk Asterisk 1.0.8 Asterisk Asterisk 1.0.7 Asterisk Asterisk 0.9 .0 Asterisk Asterisk 0.7.2 Asterisk Asterisk 0.7.1 Asterisk Asterisk 0.7 .0 Asterisk Asterisk 0.4 Asterisk Asterisk 0.3 Asterisk Asterisk 0.2 Asterisk Asterisk 0.1.9 -1 Asterisk Asterisk 0.1.9 Asterisk Asterisk 0.1.8 Asterisk Asterisk 0.1.7 |
| Not Vulnerable: |
Asterisk Asterisk 1.2.9 Asterisk Asterisk 1.0.11 |
Discussion
Asterisk IAX2 Remote Buffer Overflow Vulnerability
Asterisk is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
Asterisk is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely crash the server, denying further service to legitimate users.
Exploit / POC
Asterisk IAX2 Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Asterisk IAX2 Remote Buffer Overflow Vulnerability
Solution:
To address this issue, the vendor has released versions 1.0.11 (for the 1.0.x strain) and 1.2.9 (for the 1.2.x strain).
Please see the referenced vendor advisories for more information.
Asterisk Asterisk 1.0.10
Asterisk Asterisk 1.0.7
Asterisk Asterisk 1.0.8
Asterisk Asterisk 1.0.9
Asterisk Asterisk 1.2 .0-beta1
Asterisk Asterisk 1.2 .0-beta2
Asterisk Asterisk 1.2.6
Asterisk Asterisk 1.2.7
Asterisk Asterisk 1.2.8
Solution:
To address this issue, the vendor has released versions 1.0.11 (for the 1.0.x strain) and 1.2.9 (for the 1.2.x strain).
Please see the referenced vendor advisories for more information.
Asterisk Asterisk 1.0.10
-
Asterisk asterisk-1.0.11.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.0.11. tar.gz
Asterisk Asterisk 1.0.7
-
Asterisk asterisk-1.0.11.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.0.11. tar.gz
Asterisk Asterisk 1.0.8
-
Asterisk asterisk-1.0.11.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.0.11. tar.gz
Asterisk Asterisk 1.0.9
-
Asterisk asterisk-1.0.11.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.0.11. tar.gz
Asterisk Asterisk 1.2 .0-beta1
-
Asterisk asterisk-1.2.9.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.9.t ar.gz
Asterisk Asterisk 1.2 .0-beta2
-
Asterisk asterisk-1.2.9.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.9.t ar.gz
Asterisk Asterisk 1.2.6
-
Asterisk asterisk-1.2.9.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.9.t ar.gz
Asterisk Asterisk 1.2.7
-
Asterisk asterisk-1.2.9.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.9.t ar.gz
Asterisk Asterisk 1.2.8
-
Asterisk asterisk-1.2.9.tar.gz
http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.9.t ar.gz
References
Asterisk IAX2 Remote Buffer Overflow Vulnerability
References:
References:
- Asterisk Homepage (Asterisk)
- Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix (Matt Riddell)
- CORE-2006-0330: Asterisk PBX truncated video frame vulnerability (Core Security Technologies advisories
)