Asterisk
Project Security Advisory -
|
Product |
Asterisk |
|
Summary |
Crash on ACK from unknown endpoint |
|
Nature of Advisory |
Remote Crash |
|
Susceptibility |
Remote unauthenticated sessions |
|
Severity |
Critical |
|
Exploits Known |
No |
|
Reported On |
August 3, 2016 |
|
Reported By |
Nappsoft |
|
Posted On |
|
|
Last Updated On |
|
|
Advisory Contact |
mark DOT michelson AT digium DOT com |
|
CVE Name |
|
|
Description |
Asterisk can be crashed remotely by sending an ACK to it from an endpoint username that Asterisk does not recognize. Most SIP request types result in an “artificial” endpoint being looked up, but ACKs bypass this lookup. The resulting NULL pointer results in a crash when attempting to determine if ACLs should be applied.
This issue was introduced in the Asterisk 13.10 release and only affects that release.
This issue only affects users using the PJSIP stack with Asterisk. Those users that use chan_sip are unaffected. |
|
Resolution |
ACKs now result in an artificial endpoint being looked up just like other SIP request types. |
|
Affected Versions |
||
|
Product |
Release Series |
|
|
Asterisk Open Source |
11.x |
Unaffected |
|
Asterisk Open Source |
13.x |
13.10.0 |
|
Certified Asterisk |
11.6 |
Unaffected |
|
Certified Asterisk |
13.8 |
Unaffected |
|
Corrected In |
|
|
Product |
Release |
|
Asterisk Open Source |
13.11.1 |
|
Patches |
|
|
SVN URL |
Revision |
|
|
|
|
|
|
|
Links |
|
|
Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later
versions; if so, the latest version will be posted at
http://downloads.digium.com/pub/security/ |
|
Revision History |
||
|
Date |
Editor |
Revisions Made |
|
August 16, 2016 |
Mark Michelson |
Initial draft of Advisory |
Asterisk
Project Security Advisory -
Copyright
©
Permission is hereby granted
to distribute and publish this advisory in its original, unaltered
form.