In association with heise online

19 March 2008, 08:55

Critical vulnerabilities in Asterisk plugged

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Vulnerabilities in the Asterisk telephony software could be exploited by attackers to inject and execute code. The development team have released updated versions of the software which fix these and other less critical vulnerabilities.

A buffer overflow can occur when processing Real-time Transport Protocol (RTP) packets if the payload number is greater than 256. Sending more than 32 payloads has a similar effect. This can be exploited by attackers to overwrite memory locations outside of the buffer. The bug affects Asterisk Open Source versions prior to, 1.4.19-rc3 and 1.6.0-beta6, Asterisk Business Edition prior to C.1.6.1, AsteriskNOW prior to 1.0.2, the Asterisk Appliance s800i prior to and the Asterisk Appliance Developer Kit, prior to the SVN version 1.4 revision 109386.

Using specific values for the From: field in SIP headers, attackers can make calls without authentication. The calls are sent in the context specified in the general section in the sip.conf configuration file. This bug affects all version of Asterisk.

The new versions also fix two less critical bugs. The software interprets log messages sent using versions of the Asterisk Open Source ast_verbose API prior to 1.6.0-beta6 as formatstrings instead of strings. This can cause the system to crash. In addition, the HTTP-Manager session ID is easily guessable.

Asterisk administrators should download and install the updated version of the software as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit