| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 1 Nov 2006 15:59:23 -0000 From: sil@...iltrated.net To: bugtraq@...urityfocus.com Subject: Asterisk Local and Remote Denial of Service vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Product: Asterisk Open Source PBX Impact: Multiple Local and Remote Denials of Service Version(s): All versions prior to 1.2.13 Author: Jesus Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' I. BACKGROUND Asterisk is an Open Source PBX which runs on Linux, BSD, Solaris and MacOSX that provides all of the features in a standard PBX. Asterisk does voice over IP and can interoperate with almost all telephony equipment. II. DESCRIPTION A sequence of malformed (pre-defined) packets can cause different denial of services on Asterisk. The attack is both local and remote. These denial of services can range from the Asterisk server shutting down, channels being opened and filling up queues. Log file denials of service by filling space with errors and ranDumb messages. Voicemail space allocation being filled, and ICMP denials of service. III SOLUTION Versions 1.2.13 and greater are no longer vulnerable to the attack and users are urged to update to 1.2.13 or better. IV. SOURCE http://www.infiltrated.net/asteroid/asteroidv1.tar.gz V. POSSIBILITIES While the initial packet creation tool was tested on Asterisk, it was not targeted towards Asterisk but at the SIP protocol. Asterisk was used merely for Wireshark packet captures in order to re-create newer packets. The Asteroid SIP denial of service tool could also affect other products that run the SIP protocol including soft phones, other PBX's, etc. VI. MENTIONS Thanks to Kevin P. Flemming and the guys at Asterisk fixing this promptly. Dan York for getting people to pay attention. Tim Donahue for his Perl pointers, vgersh99 (aka vlad) for nawk pointers, PHV, Annihilannic, p5wizard, Anthony LaMantia, Tzafir Cohen, and the others on the Asterisk-Dev list. VII. TESTBED Tested on Solaris, FreeBSD, Linux (SuSE, CentOS, Gentoo, Debian) distributions running various versions Asterisk. VIII. CHECKSUMS $ md5 asteroidv1.tar.gz MD5 (asteroidv1.tar.gz) = b32c56ab4004d2a75eeee109d9e8d824 $ sha1 asteroidv1.tar.gz SHA1 (asteroidv1.tar.gz) = 0345fc7e423bddb8d9aa5fae431c0715db70a879 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (FreeBSD) iD8DBQFFRnM0h3J3NhODp0MRAu0NAJsFLdCKJgRqtjLs35GtXxRKNYNaLgCg8xxI zZUQr4YWe0BE8RHpvEYTyEI= =TLzd -----END PGP SIGNATURE-----
Powered by blists - more mailing lists