Several vulnerabilities in Asterisk PBX software
The developers of Asterisk, a PBX software package, have reported several vulnerabilities which may be exploited to compromise affected systems. RTP packets with a voice or video payload of more than 4 KB may cause a buffer overflow in the iax_frame_wrap function of the IAX2 channel driver (chan_iax2); arbitrary code injection and execution are also possible. IAX (InterAsterisk eXchange) is a proprietary Asterisk protocol that allows systems to communicate with each other.
Processing defective LAGRQ and LAGRP packets within the IAX protocol or specially crafted STUN packets used by Asterisk to exchange information between devices via intermediate NAT gateways may also cause Asterisk to crash. Finally, a bug in the skinny channel driver (chan_skinny) causes a denial of service if certain packets are received.
Affected systems include Asterisk Open Source 1.x, Asterisk Business Edition A.x, Asterisk Business Edition B.x, AsteriskNOW, Asterisk Appliance Developer Kit 0.x and the Asterisk Appliance s800i 1.x. Not every flaw is present in every product; the original security advisories provide a detailed overview. To fix the problems, users are advised to install the following versions: Asterisk 1.2.22 or 1.4.8, Asterisk Business Edition B.2.2.1, AsteriskNOW Beta7, Asterisk Appliance Developer Kit 0.5.0 or Asterisk Appliance s800i 1.0.2.
- Stack Buffer Overflow in IAX2 Channel Driver, security advisory by Digium
- Remote Crash Vulnerability in IAX2 Channel Driver, security advisory by Digium
- Remote Crash Vulnerability in Skinny Channel Driver, security advisory by Digium
- Remote Crash Vulnerability in STUN implementation, security advisory by Digium
(mba)