ISS X-Force Database: asterisk-asturidecode-dos(42823): Asterisk ast_uri

Asterisk ast_uri_decode() denial of service

asterisk-asturidecode-dos (42823)

Low Risk

Description:

Asterisk is vulnerable to a denial of service caused by a NULL pointer dereference error in the ast_uri_decode() function when the "pedantic" processing is enabled. By sending a specially-crafted SIP message without a "From" field, a remote attacker could exploit this vulnerability to crash the vulnerable application.

Platforms Affected:

Digium, Asterisk Business Edition A
Digium, Asterisk Business Edition B.1.3.2
Digium, Asterisk Business Edition B.1.3.3
Digium, Asterisk Business Edition B.2.2.0
Digium, Asterisk Business Edition B.2.2.1
Digium, Asterisk Business Edition B.2.3.1
Digium, Asterisk Business Edition B.2.3.2
Digium, Asterisk Business Edition B.2.3.3
Digium, Asterisk Business Edition B.2.3.4
Digium, Asterisk Business Edition B.2.5.0
Digium, Asterisk Business Edition B.2.5.1
Digium, Asterisk Open Source 1.0
Digium, Asterisk Open Source 1.0.0
Digium, Asterisk Open Source 1.0.1
Digium, Asterisk Open Source 1.0.11
Digium, Asterisk Open Source 1.0.11.1
Digium, Asterisk Open Source 1.0.12
Digium, Asterisk Open Source 1.0.2
Digium, Asterisk Open Source 1.0.3
Digium, Asterisk Open Source 1.0.4
Digium, Asterisk Open Source 1.0.5
Digium, Asterisk Open Source 1.0.6
Digium, Asterisk Open Source 1.0.7
Digium, Asterisk Open Source 1.0.8
Digium, Asterisk Open Source 1.0.9
Digium, Asterisk Open Source 1.2.0
Digium, Asterisk Open Source 1.2.1
Digium, Asterisk Open Source 1.2.10
Digium, Asterisk Open Source 1.2.11
Digium, Asterisk Open Source 1.2.12
Digium, Asterisk Open Source 1.2.12.1
Digium, Asterisk Open Source 1.2.13
Digium, Asterisk Open Source 1.2.14
Digium, Asterisk Open Source 1.2.15
Digium, Asterisk Open Source 1.2.16
Digium, Asterisk Open Source 1.2.17
Digium, Asterisk Open Source 1.2.18
Digium, Asterisk Open Source 1.2.19
Digium, Asterisk Open Source 1.2.2
Digium, Asterisk Open Source 1.2.20
Digium, Asterisk Open Source 1.2.21
Digium, Asterisk Open Source 1.2.21.1
Digium, Asterisk Open Source 1.2.22
Digium, Asterisk Open Source 1.2.23
Digium, Asterisk Open Source 1.2.24
Digium, Asterisk Open Source 1.2.25
Digium, Asterisk Open Source 1.2.26
Digium, Asterisk Open Source 1.2.26.1
Digium, Asterisk Open Source 1.2.26.2
Digium, Asterisk Open Source 1.2.27
Digium, Asterisk Open Source 1.2.28
Digium, Asterisk Open Source 1.2.3
Digium, Asterisk Open Source 1.2.4
Digium, Asterisk Open Source 1.2.5
Digium, Asterisk Open Source 1.2.6
Digium, Asterisk Open Source 1.2.7
Digium, Asterisk Open Source 1.2.7.1
Digium, Asterisk Open Source 1.2.8
Digium, Asterisk Open Source 1.2.9
Digium, Asterisk Open Source 1.2.9.1
Gentoo, Linux

Remedy:

Refer to AST-2008-008 for patch, upgrade or suggested workaround information. See References.

Consequences:

Denial of Service

References:

AST-2008-008, Remote Crash Vulnerability in SIP channel driver when run in pedantic mode at http://downloads.digium.com/pub/security/AST-2008-008.html.
CVE-2008-2119: Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing (aka pedanticsipchecking) is enabled, allows remote attackers to cause a denial of service (daemon crash) via a SIP INVITE message that lacks a From header, related to invocations of the ast_uri_decode function, and improper handling of (1) an empty const string and (2) a NULL pointer.
GLSA-200905-01: Asterisk: Multiple vulnerabilities
SA30517: Asterisk "pedantic" SIP Processing Denial of Service
SECTRACK ID: 1020166: Asterisk Pedantic Mode Bug in ast_uri_decode() Lets Remote Users Deny Service
VUPEN/ADV-2008-1731: Asterisk SIP Channel Driver From Header Denial of Service Vulnerability

Reported:

Jun 03, 2008

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page