FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Asterisk -- multiple vulnerabilities

Affected packages
1.4.* < asterisk14 < 1.4.41.2
1.6.* < asterisk16 < 1.6.2.18.2
1.8.* < asterisk18 < 1.8.4.4

Details

VuXML ID 40544e8c-9f7b-11e0-9bec-6c626dd55a41
Discovery 2011-06-24
Entry 2011-06-25
Modified 2011-06-29

The Asterisk Development Team reports:

AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end of the buffer altering unrelated memory structures. This vulnerability does not affect TCP/TLS connections.

AST-2011-009: A remote user sending a SIP packet containing a Contact header with a missing left angle bracket causes Asterisk to access a null pointer.

AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it.

Possible enumeration of SIP users due to differing authentication responses.
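
The truncation mismatch in AST-2011-008 is a general C pitfall for text protocols carried in datagrams: a strncpy-style copy stops at the first NUL, while the caller keeps working with the datagram's wire length, so any parser that trusts that length walks past the real end of the string. The block below is an added illustration for this page, not Asterisk source and not part of the advisory; the SIP-like packet bytes, the buffer size and the function names are constructed for the demonstration. It measures the gap the unsafe copy leaves (without ever reading past the buffer) and shows the check a defender wants in front of header parsing: reject a datagram with an embedded NUL and report only the length that really landed in the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration, not Asterisk source: a text-protocol datagram whose
 * bytes contain a NUL makes a strncpy-style copy stop early while the
 * caller still believes the buffer holds wire_len bytes. */

#define REQ_BUF 128   /* constructed buffer size for the demonstration */

/* Constructed SIP-like request with an embedded NUL after "Via: X". */
static const unsigned char SAMPLE_PKT[] =
    "INVITE sip:alice@example.invalid SIP/2.0\r\nVia: X\0junk\r\n";
static const size_t SAMPLE_LEN = sizeof(SAMPLE_PKT) - 1;   /* 55 wire bytes */

/* The same request with no embedded NUL. */
static const unsigned char CLEAN_PKT[] =
    "INVITE sip:alice@example.invalid SIP/2.0\r\nVia: X\r\n";
static const size_t CLEAN_LEN = sizeof(CLEAN_PKT) - 1;

/* Unsafe pattern: copy with strncpy (stops at the first NUL) but keep using
 * the wire length. Returns how many bytes the caller would believe are in
 * the buffer beyond the real string end; 0 means no mismatch. This function
 * only measures the gap, it never reads past the buffer itself. */
size_t unsafe_overrun(const unsigned char *pkt, size_t wire_len)
{
    char buf[REQ_BUF];
    size_t n = wire_len < sizeof(buf) - 1 ? wire_len : sizeof(buf) - 1;

    strncpy(buf, (const char *)pkt, n);   /* copy stops at the embedded NUL */
    buf[n] = '\0';
    /* assumed length n versus what actually arrived in the string */
    return n - strlen(buf);
}

/* Hardened form: a SIP message is text, so an embedded NUL is malformed.
 * Reject it (and anything that would not fit) before any header parsing,
 * and report the length that is really in the buffer. Returns 0 on
 * success, -1 on rejection. */
int copy_checked(const unsigned char *pkt, size_t wire_len,
                 char *out, size_t out_sz, size_t *real_len)
{
    if (wire_len >= out_sz)
        return -1;                               /* would not fit */
    if (memchr(pkt, '\0', wire_len) != NULL)
        return -1;                               /* embedded NUL */
    memcpy(out, pkt, wire_len);
    out[wire_len] = '\0';
    *real_len = wire_len;                        /* now equals strlen(out) */
    return 0;
}

/* Convenience wrapper: 1 if the hardened path rejects the datagram. */
int checked_rejects(const unsigned char *pkt, size_t wire_len)
{
    char buf[REQ_BUF];
    size_t real_len;
    return copy_checked(pkt, wire_len, buf, sizeof buf, &real_len) != 0;
}

int main(void)
{
    printf("sample: unsafe path over-assumes %zu bytes, hardened path %s\n",
           unsafe_overrun(SAMPLE_PKT, SAMPLE_LEN),
           checked_rejects(SAMPLE_PKT, SAMPLE_LEN) ? "rejects" : "accepts");
    printf("clean:  unsafe path over-assumes %zu bytes, hardened path %s\n",
           unsafe_overrun(CLEAN_PKT, CLEAN_LEN),
           checked_rejects(CLEAN_PKT, CLEAN_LEN) ? "rejects" : "accepts");
    return 0;
}
```

For the constructed sample the unsafe path believes 7 more bytes are present than the string actually holds, which is exactly the window a header parser would then read or write past; the hardened path rejects the datagram outright, and for the clean request both paths agree. The advisory notes the original issue does not affect TCP/TLS transports, but the check costs one memchr per message and is cheap to apply on every transport.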

References

CVE Name CVE-2011-2529
CVE Name CVE-2011-2535
CVE Name CVE-2011-2536
URL http://downloads.asterisk.org/pub/security/AST-2011-008.html
URL http://downloads.asterisk.org/pub/security/AST-2011-009.html
URL http://downloads.asterisk.org/pub/security/AST-2011-010.html
URL http://downloads.asterisk.org/pub/security/AST-2011-011.html