BID:23155 - Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

BID:23155

Info

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

Bugtraq ID:	23155
Class:	Access Validation Error
CVE:	CVE-2007-1595
Remote:	Yes
Local:	No
Published:	Mar 27 2007 12:00AM
Updated:	Jun 07 2007 04:40PM
Credit:	Philipp Kempgen is credited with the discovery of this vulnerability.
Vulnerable:	SuSE Linux 10.1 Asterisk Asterisk 1.4.2 Asterisk Asterisk 1.4.1 Asterisk Asterisk 1.2.17 Asterisk Asterisk 1.2.16 Asterisk Asterisk 1.2.15 Asterisk Asterisk 1.2.14 Asterisk Asterisk 1.2.13 Asterisk Asterisk 1.2.11 Asterisk Asterisk 1.2.11 Asterisk Asterisk 1.2.10 Asterisk Asterisk 1.2.9 Asterisk Asterisk 1.2.8 Asterisk Asterisk 1.2.7 Asterisk Asterisk 1.2.6 Asterisk Asterisk 1.2.5 Asterisk Asterisk 1.2 .0-beta2 Asterisk Asterisk 1.2 .0-beta1 Asterisk Asterisk 1.4 Beta

Not Vulnerable:

Discussion

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

Asterisk PBX is prone to a security-bypass vulnerability because the Asterisk Extension Language (AEL) fails to securely generate extensions when compiling arbitrary labels.

An attacker can exploit this issue to bypass security restrictions. The attacker may then be able to access sensitive information and to change user settings.

This issue affects versions in the 1.2.0 and 1.4.0 branches.

This issue affects all versions in the following branches:

1.2.x
1.4.x

Exploit / POC

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

An attacker can exploit this issue using readily available VoIP utilities.

Solution / Fix

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

Solution:
The vendor has released fixes to address this issue. Please see the references for more information.

Asterisk Asterisk 1.4 Beta

Asterisk Revision 59073
http://svn.digium.com/view/asterisk?rev=59073&view=rev

Asterisk Asterisk 1.2 .0-beta1

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2 .0-beta2

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.10

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.11

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.11

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.13

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.14

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.15

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.16

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.17

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.5

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.6

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.7

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.8

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.2.9

Asterisk Revision 59069
http://svn.digium.com/view/asterisk?rev=59069&view=rev

Asterisk Revision 59070
http://svn.digium.com/view/asterisk?rev=59070&view=rev

Asterisk Asterisk 1.4.1

Asterisk Revision 59073
http://svn.digium.com/view/asterisk?rev=59073&view=rev

Asterisk Asterisk 1.4.2

Asterisk Revision 59073
http://svn.digium.com/view/asterisk?rev=59073&view=rev

References

Asterisk PBX_AEL.C Switch Blocks Security Bypass Vulnerability

References:

AEL security risk in switch blocks (Asterisk)
Vendor Homepage (Asterisk)