Asterisk Project Security Advisory - AST-2012-009

          Product         Asterisk                                            
          Summary         Skinny Channel Driver Remote Crash Vulnerability    
     Nature of Advisory   Denial of Service                                   
       Susceptibility     Remote authenticated sessions                       
          Severity        Minor                                               
       Exploits Known     No                                                  
        Reported On       May 30, 2012                                        
        Reported By       Christoph Hebeisen, TELUS Security Labs             
         Posted On        June 14, 2012                                       
      Last Updated On     June 14, 2012                                       
      Advisory Contact    Matt Jordan < mjordan AT digium DOT com >           
          CVE Name        CVE-2012-3553                                       

    Description  AST-2012-008 previously dealt with a denial of service       
                 attack exploitable in the Skinny channel driver that         
                 occurred when certain messages are sent after a previously   
                 registered station sends an Off Hook message. Unresolved in  
                 that patch is an issue in the Asterisk 10 releases,          
                 wherein, if a Station Key Pad Button Message is processed    
                 after an Off Hook message, the channel driver will           
                 inappropriately dereference a Null pointer.                  
                                                                              
                 Similar to AST-2012-008, a remote attacker with a valid      
                 SCCP ID can can use this vulnerability by closing a          
                 connection to the Asterisk server when a station is in the   
                 "Off Hook" call state and crash the server.                  

    Resolution  The presence of a device for a line is now checked in the     
                appropriate channel callbacks, preventing the crash.          

                               Affected Versions
                Product              Release Series  
         Asterisk Open Source             10.x       All Versions             

                                  Corrected In  
                     Product                              Release             
               Asterisk Open Source                        10.5.1             

                                    Patches                        
                               SVN URL                              Revision  
   http://downloads.asterisk.org/pub/security/AST-2012-009-10.diff v10        

       Links     https://issues.asterisk.org/jira/browse/ASTERISK-19905       

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2012-009.pdf and             
    http://downloads.digium.com/pub/security/AST-2012-009.html                

                                Revision History
          Date                  Editor                 Revisions Made         
    06/14/2012         Matt Jordan               Initial Release              

               Asterisk Project Security Advisory - AST-2012-009
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.