Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
BID:58760
Info
Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 58760 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2013-2685 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2013 12:00AM |
| Updated: | Apr 13 2015 10:09PM |
| Credit: | Ulf Härnhammar |
| Vulnerable: |
Mandriva Business Server 1 X86 64 Mandriva Business Server 1 Asterisk Asterisk Open Source 11.2.1 Asterisk Asterisk Open Source 11.2 Asterisk Asterisk Open Source 11.1.2 Asterisk Asterisk Open Source 11.1.1 Asterisk Asterisk Open Source 11.1.0 |
| Not Vulnerable: |
Asterisk Asterisk Open Source 11.2.2 |
Discussion
Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
Asterisk Open Source is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user supplied data.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Asterisk Open Source 11.2.2 are vulnerable.
Asterisk Open Source is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user supplied data.
An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Asterisk Open Source 11.2.2 are vulnerable.
Exploit / POC
Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Mandriva Business Server 1 X86 64
-
Mandriva asterisk-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-addons-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-devel-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-firmware-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-alsa-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-calendar-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-cel-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-corosync-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-curl-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-dahdi-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-fax-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-festival-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-ices-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-jabber-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-jack-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-ldap-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-lua-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-minivm-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-mobile-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-mp3-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-mysql-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-ooh323-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-osp-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-oss-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-pgsql-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-pktccops-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-portaudio-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-radius-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-saycountpl-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-skinny-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-snmp-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-speex-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-sqlite-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-tds-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-unistim-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-voicemail-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-voicemail-imap-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva asterisk-plugins-voicemail-plain-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/ -
Mandriva lib64asteriskssl1-11.2.2-1.mbs1.x86_64.rpm
http://www.mandriva.com/en/downloads/
References
Asterisk Open Source CVE-2013-2685 Stack Buffer Overflow Vulnerability
References:
References:
- Asterisk Homepage (Asterisk)
- Asterisk Project Security Advisory - AST-2013-001 (Asterisk)
- Buffer Overflow Exploit Through SIP SDP Header (Asterisk)