Asterisk Security

أضف رد جديد
albalawi
مدير الموقع
مشاركات: 234
اشترك في: 11 مايو 2010, 19:53
مكان: Germany
اتصال:
اتصل بـ albalawi

Asterisk Security

مشاركة بواسطة albalawi »

http://www.asterisk.org/security

http://voiptoday.org/index.php?option=c ... Itemid=173


كود: تحديد الكل

Written by voiptoday    Wednesday, 19 January 2011 10:22    	Print
Asterisk Security: Stack buffer overflow in SIP channel driver!

asterisk_security How stack buffer overflow in SIP channel driver happened?

When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. This vulnerability also affects the URIENCODE dialplan function and in some versions of asterisk, the AGI dialplan application as well.   
The ast_uri_encode function does not properly respect the size of its output buffer and can write past the end of it when encoding URIs.   

 Affected Versions:

    Product                                    Release Series 
    Asterisk Open Source            1.2.x       All versions                 Asterisk Open Source            1.4.x     All versions                 Asterisk Open Source            1.6.x       All versions                 Asterisk Open Source            1.8.x     All versions               Asterisk Business Edition        C.x.x      All versions                      AsteriskNOW                     1.5        All versions              s800i (Asterisk Appliance)                1.2.x      All versions   

Resolution:

The size of the output buffer passed to the ast_uri_encode function is now properly respected. In asterisk versions not containing the fix for this issue, limiting strings originating from remote sources that will be URI encoded to a length of 40 characters will protect against this vulnerability.                                            

exten => s,1,Set(CALLERID(num)=${CALLERID(num):0:40})          
exten => s,n,Set(CALLERID(name)=${CALLERID(name):0:40})        
exten => s,n,Dial(SIP/channel)                                 

The CALLERID(num) and CALLERID(name) channel values, and any strings passed to the URIENCODE dialplan function should be limited in this manner.

Patches:

http://downloads.asterisk.org/pub/security/AST-2011-001-1.4.diff    1.4   
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.1.diff  1.6.1 
http://downloads.asterisk.org/pub/security/AST-2011-001-1.6.2.diff  1.6.2 
http://downloads.asterisk.org/pub/security/AST-2011-001-1.8.diff    1.8   

Asterisk Project Security Advisories are posted at http://www.asterisk.org/security
This document may be superseded by later versions; if so, the latest version will be posted at

http://downloads.digium.com/pub/security/AST-2011-001.pdf and             
http://downloads.digium.com/pub/security/AST-2011-001.html
Last Updated ( Wednesday, 19 January 2011 10:23 )
أعلى
أضف رد جديد

العودة إلى ”أخبار أستريسك:Asterisk News“