AOH :: HP Unsorted S :: TB12020.HTM

Skinny channel driver



ASA-2007-019: Remote crash vulnerability in Skinny channel driver
ASA-2007-019: Remote crash vulnerability in Skinny channel driver



               Asterisk Project Security Advisory - ASA-2007-019

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Remote crash vulnerability in Skinny channel      |
   |                    | driver                                            |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Denial of Service                                 |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Authenticated Sessions                     |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Wei Wang of McAfee AVERT Labs                     |
   |--------------------+---------------------------------------------------|
   |     Posted On      | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | August 7, 2007                                    |
   |--------------------+---------------------------------------------------|
| Advisory Contact | Jason Parker  | 
   |--------------------+---------------------------------------------------|
   |      CVE Name      |                                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | The Asterisk Skinny channel driver, chan_skinny, has a   |
   |             | remotely exploitable crash vulnerability. A segfault can |
   |             | occur when Asterisk receives a                           |
   |             | "CAPABILITIES_RES_MESSAGE" packet where the capabilities |
   |             | count is greater than the total number of items in the   |
   |             | capabilities_res_message array. Note that this requires  |
   |             | an authenticated session.                                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Asterisk code has been modified to limit the incoming     |
   |            | capabilities count.                                       |
   |            |                                                           |
   |            | Users with configured Skinny devices should upgrade to    |
   |            | the appropriate version listed in the corrected in        |
   |            | section of this advisory.                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |             Product              |   Release   |                       |
   |                                  |   Series    |                       |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.0.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.2.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |       Asterisk Open Source       |    1.4.x    | All versions prior to |
   |                                  |             | 1.4.10                |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    A.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |    Asterisk Business Edition     |    B.x.x    | Not affected          |
   |----------------------------------+-------------+-----------------------|
   |           AsteriskNOW            | pre-release | All versions prior to |
   |                                  |             | beta7                 |
   |----------------------------------+-------------+-----------------------|
   | Asterisk Appliance Developer Kit |    0.x.x    | All versions prior to |
   |                                  |             | 0.7.0                 |
   |----------------------------------+-------------+-----------------------|
   |    s800i (Asterisk Appliance)    |    1.0.x    | All versions prior to |
   |                                  |             | 1.0.3                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |                 1.4.10, available from                 |
| Source | http://downloads.digium.com/pub/telephony/asterisk | 
   |---------------+--------------------------------------------------------|
| AsteriskNOW | Beta7, available from http://www.asterisknow.org/. | 
   |               |   Beta5 and Beta6 users can update using the system    |
   |               |     update feature in the appliance control panel.     |
   |---------------+--------------------------------------------------------|
   |   Asterisk    |                 0.7.0, available from                  |
| Appliance | http://downloads.digium.com/pub/telephony/aadk | 
   | Developer Kit |                                                        |
   |---------------+--------------------------------------------------------|
   |     s800i     |                         1.0.3                          |
   |   (Asterisk   |                                                        |
   |  Appliance)   |                                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security. | 
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
| http://downloads.digium.com/pub/asa/ASA-2007-019.pdf and | 
| http://downloads.digium.com/pub/asa/ASA-2007-019.html. | 
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |        Date        |         Editor         |      Revisions Made      |
   |--------------------+------------------------+--------------------------|
| August 7, 2007 | jparker@digium.com | Initial Release | 
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - ASA-2007-019
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.