Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Mar 2012 11:57:15 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Jan Lieskovsky <jlieskov@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>,
        Matt Jordan <mjordan@...ium.com>
Subject: Re: CVE Request -- Asterisk: AST-2012-002 and AST-2012-003
 flaws

On 03/16/2012 05:47 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
> 
> 1) AST-2012-002:
> 
> An out-of stack-based buffer write flaw was found in the way the Miliwatt
> application of the Asterisk, open source telephony toolkit, performed
> generation of constant audio tone at 1000Hz (the 'o' option) from certain,
> provided audio packets, when the 'internal_timing' Asterisk
> configuration file
> option was disabled. In this configuration, a remote attacker could
> provide a
> specially-crafted audio packet file, which once processed by the Miliwatt
> application would lead to that application crash, or, potentially arbitrary
> code execution with the privileges of the user running the application.
> 
> Upstream security advisory:
> [1] http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
> 
> Asterisk v1.8.10.1 announcement:
> [2] http://www.asterisk.org/node/51797
> 
> Upstream patch against the v1.8 branch:
> [3] http://downloads.asterisk.org/pub/security/AST-2012-002-1.8.diff
> 
> References:
> [4] https://bugs.gentoo.org/show_bug.cgi?id=408431
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=804038

Please use CVE-2012-1183 for Asterisk AST-2012-002


> 2) AST-2012-003:
> 
> A stack-based buffer overflow flaw was found in the way Asterisk Manager
> Interface of Asterisk, open source telephony toolkit, performed
> processing of
> certain HTTP Digest Authentication headers. A remote attacker,
> attempting to
> connect to the HTTP session could send a HTTP Digest Authentication
> header with
> specially-crafted values for certain fields, which once processed by the
> Asterisk parse digest authorization header functionality would lead to
> asterisk
> crash, or, potentially arbitrary code execution with the privileges of
> the user
> running the application.
> 
> Upstream security advisory:
> [1] http://downloads.asterisk.org/pub/security/AST-2012-003.pdf
> 
> Asterisk v1.8.10.1 announcement:
> [2] http://www.asterisk.org/node/51797
> 
> Upstream patch against the v1.8 branch:
> [3] http://downloads.asterisk.org/pub/security/AST-2012-003-1.8.diff
> 
> References:
> [4] https://bugs.gentoo.org/show_bug.cgi?id=408431
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=804042
> 
> Could you allocate two ids for these issues?


Please use CVE-2012-1184 for Asterisk AST-2012-003


> Thank you && Regards, Jan.
> -- 
> Jan iankko Lieskovsky / Red Hat Security Response Team
> 
> P.S.: Cc-ed Matt Jordan of the Asterisk team, so once the ids are
> assigned, he
>       can update the advisories.


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ