Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Asterisk :: bx2455.htm

Asterisk: Format String Vulnerability in Logger and Manager



AST-2008-004: Format String Vulnerability in Logger and Manager
AST-2008-004: Format String Vulnerability in Logger and Manager



               Asterisk Project Security Advisory - AST-2008-004

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Format String Vulnerability in Logger and Manager |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Denial of Service                                 |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | March 13, 2008                                    |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Steve Davies (bugs.digium.com user stevedavies)   |
   |                    |                                                   |
   |                    | Brandon Kruse (bugs.digium.com user bkruse)       |
   |--------------------+---------------------------------------------------|
   |     Posted On      | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | March 18, 2008                                    |
   |--------------------+---------------------------------------------------|
| Advisory Contact | Joshua Colp  | 
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2008-1333                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Logging messages displayed using the ast_verbose logging |
   |             | API call are not displayed as a character string, they   |
   |             | are displayed as a format string.                        |
   |             |                                                          |
   |             | Output as a result of the Manager command "command" is   |
   |             | not appended to the resulting response message as a      |
   |             | character string, it is appended as a format string.     |
   |             |                                                          |
   |             | It is possible in both instances for an attacker to      |
   |             | provide a formatted string as a value for input which    |
   |             | can cause a crash.                                       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Input given to both the ast_verbose logging API call and  |
   |            | astman_append function is now interpreted as a character  |
   |            | string and not as a format string.                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           | Release |                                 |
   |                            | Series  |                                 |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.2.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.4.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |    Asterisk Open Source    |  1.6.x  | All versions prior to           |
   |                            |         | 1.6.0-beta6                     |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  A.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  B.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   | Asterisk Business Edition  |  C.x.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |        AsteriskNOW         |  1.0.x  | Unaffected                      |
   |----------------------------+---------+---------------------------------|
   |     Asterisk Appliance     |  0.x.x  | Unaffected                      |
   |       Developer Kit        |         |                                 |
   |----------------------------+---------+---------------------------------|
   | s800i (Asterisk Appliance) |  1.0.x  | Unaffected                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |    Product    |                        Release                         |
   |---------------+--------------------------------------------------------|
   | Asterisk Open |              1.6.0-beta6, available from               |
| Source | http://downloads.digium.com/pub/telephony/asterisk | 
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
| Links | http://bugs.digium.com/view.php?id=12205 | 
   |                  |                                                     |
| | http://bugs.digium.com/view.php?id=12206 | 
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security | 
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2008-004.pdf and | 
| http://downloads.digium.com/pub/security/AST-2008-004.html | 
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |       Date       |       Editor       |         Revisions Made         |
   |------------------+--------------------+--------------------------------|
   | 2008-03-18       | Joshua Colp        | Initial Release                |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2008-004
              Copyright (c) 2008 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH