Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Asterisk :: bx2448.htm

Asterisk HTTP Manager ID is predictable



AST-2008-005: HTTP Manager ID is predictable
AST-2008-005: HTTP Manager ID is predictable



               Asterisk Project Security Advisory - AST-2008-005

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | HTTP Manager ID is predictable                  |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | An attacker could hijack a manager session      |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | All users using the HTTP manager port           |
   |----------------------+-------------------------------------------------|
   |       Severity       | Minor                                           |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | February 25, 2008                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Dino A. Dai Zovi < ddz AT theta44 DOT org >     |
   |----------------------+-------------------------------------------------|
   |      Posted On       | March 18, 2008                                  |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | March 18, 2008                                  |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Tilghman Lesher < tlesher AT digium DOT com >   |
   |----------------------+-------------------------------------------------|
   |       CVE Name       | CVE-2008-1390                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Due to the way that manager IDs are calculated, this     |
   |             | 32-bit integer is likely to have a much larger than      |
   |             | average number of 1s, which greatly reduces the number   |
   |             | of guesses an attacker would have to make to             |
   |             | successfully predict the manager ID, which is used       |
   |             | across multiple HTTP queries to hold manager state.      |
   |             |                                                          |
   |             | "The issue is the generation of session ids in the       |
   |             | AsteriskGUI HTTP server.                                 |
   |             |                                                          |
   |             | When using Glibc, the implementation and state of rand() |
   |             | and random() is                                          |
   |             |                                                          |
   |             | shared. Asterisk uses random() to issue MD5 digest       |
   |             | authentication                                           |
   |             |                                                          |
   |             | challenges and rand() bitwise-ORed with a malloc'd       |
   |             | pointer to generate                                      |
   |             |                                                          |
   |             | AsteriskGUI session identifiers. An attacker can         |
   |             | synchronize with                                         |
   |             |                                                          |
   |             | random() by retrieving 32 successive challenges and      |
   |             | predict all subsequent                                   |
   |             |                                                          |
   |             | output of calls to random() and rand(). Because a        |
   |             | pointer returned by                                      |
   |             |                                                          |
   |             | malloc has at best 21 bits of entropy, the attacker will |
   |             | on average only                                          |
   |             |                                                          |
   |             | need to guess 1448 session identifiers in order to steal |
   |             | an established                                           |
   |             |                                                          |
   |             | session.                                                 |
   |             |                                                          |
   |             | "The crux of the problem is that under Glibc, the        |
   |             | implementation of rand()                                 |
   |             |                                                          |
   |             | and random() is shared. rand() is just an alias to       |
   |             | random(). This means                                     |
   |             |                                                          |
   |             | that they all come from the same randomizer with the     |
   |             | same state.                                              |
   |             |                                                          |
   |             | "A remote attacker can synchronize with all subsequent   |
   |             | output of a remote                                       |
   |             |                                                          |
   |             | system's random() state by just observing or retrieving  |
   |             | 32 successive                                            |
   |             |                                                          |
   |             | outputs. They can easily do this by generating 32 MD5    |
   |             | digest                                                   |
   |             |                                                          |
   |             | authentication challenges. At this point, they will be   |
   |             | able to predict                                          |
   |             |                                                          |
   |             | all subsequent output of random() and rand().            |
   |             |                                                          |
   |             | "The memory address returned by calloc() is also not     |
   |             | sufficiently random.                                     |
   |             |                                                          |
   |             | In practice, it will be in low memory, immediately       |
   |             | following the executable.                                |
   |             |                                                          |
   |             | In addition, the buffer returned will be 8-byte aligned. |
   |             | This means that                                          |
   |             |                                                          |
   |             | the high order 8 bits and low order 3 bits will always   |
   |             | be zero. Finally,                                        |
   |             |                                                          |
   |             | this value is bitwise ORed with the output of random(),  |
   |             | so any bits that                                         |
   |             |                                                          |
   |             | are set will be preserved.                               |
   |             |                                                          |
   |             | "An attacker will only have to guess 2^N session ids,    |
   |             | where N is the number                                    |
   |             |                                                          |
   |             | of zeros in the number return by random() between bit    |
   |             | positions 3 and 24.                                      |
   |             |                                                          |
   |             | On average, this will be 1448 guesses.                   |
   |             |                                                          |
   |             | "However, an attacker can do better than this by         |
   |             | consuming challenges until                               |
   |             |                                                          |
   |             | the following number output by random() has many 1's in  |
   |             | those significant                                        |
   |             |                                                          |
   |             | bit positions."                                          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | To mitigate this attack, the two values are now XORed     |
   |            | together. This will increase the entropy to approximately |
   |            | 2^21, which is far more difficult to predict, especially  |
   |            | given that the random number generator is used for other  |
   |            | purposes in Asterisk, not just manager HTTP session ID    |
   |            | generation.                                               |
   |            |                                                           |
   |            | Upgrade to SVN revision 104704 or greater, or upgrade to  |
   |            | one of the releases below. That the random number         |
   |            | generator is used for other things makes this attack      |
   |            | extremely difficult and unlikely, so we will not produce  |
   |            | a separate release for this security advisory.            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |   Release   |                             |
   |                            |   Series    |                             |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.0.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.2.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
   |                            |             | 1.4.19-rc3                  |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.6.x    | All versions prior to       |
   |                            |             | 1.6.0-beta6                 |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    A.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    C.x.x    | All versions prior to C.1.6 |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | All versions prior to 1.0.2 |
   |----------------------------+-------------+-----------------------------|
   |     Asterisk Appliance     |     SVN     | All revisions prior to      |
   |       Developer Kit        |             | 104704                      |
   |----------------------------+-------------+-----------------------------|
   | s800i (Asterisk Appliance) |    1.0.x    | All versions prior to       |
   |                            |             | 1.1.0.2                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |               Product                |             Release             |
   |--------------------------------------+---------------------------------|
   |         Asterisk Open Source         |     1.4.19-rc3, 1.6.0-beta6     |
   |--------------------------------------+---------------------------------|
   |      Asterisk Business Edition       |              C.1.6              |
   |--------------------------------------+---------------------------------|
   |             AsteriskNOW              |              1.0.2              |
   |--------------------------------------+---------------------------------|
   |   Asterisk Appliance Developer Kit   |  Asterisk 1.4 revision 104704   |
   |--------------------------------------+---------------------------------|
   |      s800i (Asterisk Appliance)      |             1.1.0.2             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security | 
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2008-005.pdf and | 
| http://downloads.digium.com/pub/security/AST-2008-005.html | 
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |         Editor         |       Revisions Made        |
   |-----------------+------------------------+-----------------------------|
   | 2008-03-18      | Tilghman Lesher        | Initial release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-005
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH