Asterisk
Project Security Advisory -
|
Product |
Asterisk |
|
Summary |
File descriptor exhaustion in chan_sip |
|
Nature of Advisory |
Denial of Service |
|
Susceptibility |
Remote Unauthenticated Sessions |
|
Severity |
Minor |
|
Exploits Known |
Yes |
|
Reported On |
September 17, 2015 |
|
Reported By |
Alexander Traud |
|
Posted On |
February 3, 2016 |
|
Last Updated On |
|
|
Advisory Contact |
Richard Mudgett <rmudgett AT digium DOT com> |
|
CVE Name |
CVE-2016-2316 |
|
Description |
Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors. |
|
Resolution |
Setting the sip.conf timert1 value to 1245 or lower will not exhibit the vulnerability. The default timert1 value is 500. Asterisk has been patched to detect the integer overflow and calculate the previous retransmission timer value. |
|
Affected Versions |
||
|
Product |
Release Series |
|
|
Asterisk Open Source |
1.8.x |
All versions |
|
Asterisk Open Source |
11.x |
All versions |
|
Asterisk Open Source |
12.x |
All versions |
|
Asterisk Open Source |
13.x |
All versions |
|
Certified Asterisk |
1.8.28 |
All versions |
|
Certified Asterisk |
11.6 |
All versions |
|
Certified Asterisk |
13.1 |
All versions |
|
Corrected In |
|
|
Product |
Release |
|
Asterisk Open Source |
11.21.1, 13.7.1 |
|
Certified Asterisk |
11.6-cert12, 13.1-cert3 |
|
Patches |
|
|
SVN URL |
Revision |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-1.8.28.diff |
Certified Asterisk 1.8.28 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-11.6.diff |
Certified Asterisk 11.6 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-13.1.diff |
Certified Asterisk 13.1 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-1.8.diff |
Asterisk 1.8 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-11.diff |
Asterisk 11 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-12.diff |
Asterisk 12 |
|
http://downloads.asterisk.org/pub/security/AST-2016-002-13.diff |
Asterisk 13 |
|
Links |
https://issues.asterisk.org/jira/browse/ASTERISK-25397 |
|
Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later
versions; if so, the latest version will be posted at
http://downloads.digium.com/pub/security/ |
|
Revision History |
||
|
Date |
Editor |
Revisions Made |
|
September 29, 2015 |
Richard Mudgett |
Initial document created |
|
February 15, 2016 |
Kevin Harwell |
CVE assignment |
Asterisk
Project Security Advisory -
Copyright
©
Permission is hereby granted
to distribute and publish this advisory in its original, unaltered
form.