oss-sec mailing list archives

CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 09 Dec 2011 13:00:36 +0100

Hello Kurt, Steve, vendors,

  the following two security flaws have been recently fixed:
  http://www.asterisk.org/node/51693

in Asterisk:

1) AST-2011-013 Possible to enumerate SIP usernames when general and user/peer NAT settings differed

   An information disclosure flaw was found in the way Asterisk handled UDP
   requests in configurations using network address translation (NAT) for the SIP
   protocol. When the general configuration file section and user / peer
   configuration file section NAT settings differed, it was possible to enumerate
   SIP usernames if the request was sent to a different port than the one specified in
   the Via header.

   References:
   [1] http://www.asterisk.org/node/51693
   [2] http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
   [3] http://lists.digium.com/pipermail/asterisk-dev/2011-November/thread.html#52191
   [4] https://bugs.gentoo.org/show_bug.cgi?id=394095
   [5] https://bugzilla.redhat.com/show_bug.cgi?id=765773

   Upstream bug report:
   [6] https://issues.asterisk.org/jira/browse/ASTERISK-18862

   Upstream review board request:
   [7] https://reviewboard.asterisk.org/r/1591/

   Upstream patch (for 1.8 branch):
   [8] http://svnview.digium.com/svn/asterisk?view=revision&sortby=date&revision=345828

2) AST-2011-014 NULL pointer dereference (crash) when processing INFO automon message
   with no channel

   A NULL pointer dereference flaw was found in the way Asterisk handled INFO
   requests, when the 'automon' feature was enabled. If no channel had been
   created yet, a remote attacker could use this flaw to cause a denial of service
   (asterisk crash) by sending an INFO request.

   References:
   [9]  http://www.asterisk.org/node/51693
   [10] http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
   [11] https://bugs.gentoo.org/show_bug.cgi?id=394095
   [12] https://bugzilla.redhat.com/show_bug.cgi?id=765776

   Upstream patch (for 1.8 branch):
   [13] http://svnview.digium.com/svn/asterisk?view=revision&sortby=date&revision=347533

Could you allocate CVE ids for these?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
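
An added example, not part of the original message or of Asterisk itself: a configuration audit for the precondition described in item 1, reporting sip.conf user/peer sections whose nat value differs from [general]. Assumptions: standard sip.conf section and template syntax, a constructed sample file, literal comparison of nat values (synonyms are not normalised), and a caller-supplied default for when [general] sets no nat.

```python
import re

# Constructed sample sip.conf for this example (not from the message or advisory).
SAMPLE_SIP_CONF = """\
[general]
nat=no            ; global setting
[natted](!)       ; template section
nat=yes
[alice]
host=dynamic
[bob](natted)
[carol]
nat = force_rport ; explicit per-peer override
"""

SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")

def nat_mismatches(conf_text, default_nat="no"):
    """Return {section: nat} for non-template sections whose effective nat
    differs from [general]; default_nat is assumed when [general] sets none."""
    explicit, parents, templates, current = {}, {}, set(), None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()          # strip ; comments
        m = SECTION.match(line)
        if m:
            current = m.group(1).strip()
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            if "!" in opts:
                templates.add(current)               # [name](!) is a template
            parents[current] = [o for o in opts if o != "!"]
        elif current and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "nat":
                explicit[current] = value.lstrip(">").strip().lower()

    def effective(name, seen=()):
        # Own value first, then templates in listed order (a simplification).
        if name in explicit:
            return explicit[name]
        for parent in parents.get(name, []):
            if parent not in seen:
                value = effective(parent, seen + (name,))
                if value is not None:
                    return value
        return None

    general = explicit.get("general", default_nat)   # default is an assumption
    return {s: v for s in parents if s != "general" and s not in templates
            and (v := effective(s)) is not None and v != general}
```

Sections that set no nat of their own and inherit none from a template are treated as following [general] and are not reported.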

