Date: Tue, 4 Jun 2013 13:17:16 -0600
From: Vincent Danen <vdanen@...hat.com>
To: oss-security@...ts.openwall.com, kseifried@...hat.com
Subject: Re: CVE request: libsrtp buffer overflow flaw

* [2013-06-04 12:43:20 -0600] Kurt Seifried wrote:

>On 06/04/2013 09:51 AM, Vincent Danen wrote:
>> A buffer overflow flaw was reported in libsrtp, Cisco's reference
>> implementation of the Secure Real-time Transport Protocol (SRTP),
>> in how the crypto_policy_set_from_profile_for_rtp() function
>> applies cryptographic profiles to an srtp_policy. This could allow
>> for a crash of a client linked against libsrtp (like asterisk or
>> linphone).
>>
>> A pull request in git has a patch to correct this issue (doesn't
>> look like it's been merged into master yet though).
>>
>> References:
>>
>> http://seclists.org/fulldisclosure/2013/Jun/10
>> https://github.com/cisco/libsrtp/pull/26
>> https://bugzilla.redhat.com/show_bug.cgi?id=970697
>
>Please use CVE-2013-2139 for this issue.

Thanks.

I noted the wrong commit above, it should be this one:

https://github.com/cisco/libsrtp/pull/27

>> As an aside, when I was poking around in github, I also found this
>> but I don't know anything about libsrtp so I don't know if this is
>> something that can be triggered by a remote user or if this is just
>> a hardening thing, but the commit message is "Security fix to not
>> ignore RTCP encryption, if required."
>>
>> https://github.com/cisco/libsrtp/commit/8ad50a05279b61a382da3cc730ff1560ab4272e8
>>
>> Is there someone more familiar with libsrtp that might be able to
>> comment on whether or not this is a flaw (so can a remote user
>> request to disable encryption and do ... something?)

-- 
Vincent Danen / Red Hat Security Response Team