Critical vulnerabilities in Asterisk
Digium has fixed several critical vulnerabilities which could be exploited by an attacker to inject code onto the server into its open source telephone system application Asterisk. The vulnerabilities are buffer overflows on the stack which can be exploited using the HTTP, SIP and XMPP protocols. Only the XMPP vulnerability requires an active session.
The vulnerabilities rely on the fact that the Asterisk Management Interface (AMI) reserves a space on the stack, the size of which can be specified by the attacker. If the reserved space does not fit on the stack, an overflow occurs. Brandon Edwards, one of the team which discovered the vulnerabilities, has posted a detailed description on his blog.
Open source versions 1.8.x, 10.x and 11.x, Certified Asterisk 1.8.11 (intended for commercial use) and Digium VoIP phones containing firmware version 10.x are all vulnerable. The fixed versions are versions 18.104.22.168, 10.11.1, 11.1.2, Certified Asterisk 1.8.11-cert10, and version 10.11.1 for Digium phones.