lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1lCnET-00011K-Rk@mail.digium.com>
Date: Thu, 18 Feb 2021 11:36:53 -0600
From: "Asterisk Security Team" <security@...erisk.org>
To: fulldisclosure@...lists.org
Subject: [FD] AST-2021-001: Remote crash in res_pjsip_diversion

               Asterisk Project Security Advisory - AST-2021-001

          Product         Asterisk                                            
          Summary         Remote crash in res_pjsip_diversion                 
     Nature of Advisory   Denial of service                                   
       Susceptibility     Remote authenticated sessions                       
          Severity        Moderate                                            
       Exploits Known     No                                                  
        Reported On       December 28 2020                                    
        Reported By       Ivan Poddubny                                       
         Posted On        January 04 2021                                     
      Last Updated On     January 04 2021                                     
      Advisory Contact    gjoseph AT sangoma DOT com                          
          CVE Name        CVE-2020-35776                                      

      Description     If a registered user is tricked into dialing a          
                      malicious  number that sends lots of 181 responses to   
                      Asterisk, each one will cause a 181 to be sent back to  
                      the original caller with an increasing number of        
                      entries in the ���Supported��� header. Eventually the       
                      number of entries in the header exceeds the size of     
                      the entry array and causes a crash.                     
    Modules Affected  res_pjsip_diversion.c                                   

    Resolution  Before updating the ���Supported��� header with a new entry,      
                Asterisk now checks that the entry doesn���t already exist and  
                that adding an entry won���t exceed the size of the entry       
                array.                                                        

                               Affected Versions
                 Product               Release Series  
          Asterisk Open Source              13.X       13.38.1                
          Asterisk Open Source              16.X       16.15.1                
          Asterisk Open Source              17.X       17.9.1                 
          Asterisk Open Source              18.X       18.1.1                 

                                  Corrected In
               Product                              Release                   
        Asterisk Open Source           13.38.2, 16.16.1, 17.9.2, 18.2.1       

                                    Patches                         
                              Patch URL                             Revision  
    https://downloads.digium.com/pub/security/AST-2021-001-13.diff  13.38.2   
    https://downloads.digium.com/pub/security/AST-2021-001-16.diff  16.16.1   
    https://downloads.digium.com/pub/security/AST-2021-001-17.diff  17.9.2    
    https://downloads.digium.com/pub/security/AST-2021-001-18.diff  18.2.1    

     Links   https://issues.asterisk.org/jira/browse/ASTERISK-29227           
             https://downloads.asterisk.org/pub/security/AST-2021-001.html    

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    https://downloads.digium.com/pub/security/AST-2021-001.pdf and            
    https://downloads.digium.com/pub/security/AST-2021-001.html               

                                Revision History
             Date                 Editor               Revisions Made         
    December 29, 2020       George Joseph        Initial revision             

               Asterisk Project Security Advisory - AST-2021-001
               Copyright �� 2020 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ