Asterisk Project Security Advisory - AST-2010-001 +------------------------------------------------------------------------+ | Product | Asterisk | |----------------------+-------------------------------------------------| | Summary | T.38 Remote Crash Vulnerability | |----------------------+-------------------------------------------------| | Nature of Advisory | Denial of Service | |----------------------+-------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |----------------------+-------------------------------------------------| | Severity | Critical | |----------------------+-------------------------------------------------| | Exploits Known | No | |----------------------+-------------------------------------------------| | Reported On | 12/03/09 | |----------------------+-------------------------------------------------| | Reported By | issues.asterisk.org users bklang and elsto | |----------------------+-------------------------------------------------| | Posted On | 02/03/10 | |----------------------+-------------------------------------------------| | Last Updated On | February 2, 2010 | |----------------------+-------------------------------------------------| | Advisory Contact | David Vossel < dvossel AT digium DOT com > | |----------------------+-------------------------------------------------| | CVE Name | CVE-2010-0441 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | An attacker attempting to negotiate T.38 over SIP can | | | remotely crash Asterisk by modifying the FaxMaxDatagram | | | field of the SDP to contain either a negative or | | | exceptionally large value. The same crash occurs when | | | the FaxMaxDatagram field is omitted from the SDP as | | | well. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Upgrade to one of the versions of Asterisk listed in the | | | "Corrected In" section, or apply a patch specified in the | | | "Patches" section. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release Series | | |----------------------------------+----------------+--------------------| | Asterisk Open Source | 1.6.x | All versions | |----------------------------------+----------------+--------------------| | Asterisk Business Edition | C.3 | All versions | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |------------------------------------------+-----------------------------| | Asterisk Open Source | 1.6.0.22 | |------------------------------------------+-----------------------------| | Asterisk Open Source | 1.6.1.14 | |------------------------------------------+-----------------------------| | Asterisk Open Source | 1.6.2.2 | |------------------------------------------+-----------------------------| | | C.3.3.2 | +------------------------------------------------------------------------+ +-------------------------------------------------------------------------+ | Patches | |-------------------------------------------------------------------------| | SVN URL |Branch| |------------------------------------------------------------------+------| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.0.diff|v1.6.0| |------------------------------------------------------------------+------| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.1.diff|v1.6.1| |------------------------------------------------------------------+------| |http://downloads.asterisk.org/pub/security/AST-2010-001-1.6.2.diff|v1.6.2| +-------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | https://issues.asterisk.org/view.php?id=16634 | | | | | | https://issues.asterisk.org/view.php?id=16724 | | | | | | https://issues.asterisk.org/view.php?id=16517 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/.pdf and | | http://downloads.digium.com/pub/security/.html | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |----------------+----------------------+--------------------------------| | 02/02/10 | David Vossel | Initial release | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - AST-2010-001 Copyright (c) 2010 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.