Update Protection against Asterisk Buffer Overflow Vulnerabilities
Check Point Reference: CPAI-2008-210
Date Published:
Severity:
Source: Asterisk.org/node/48466, FRSIRT:ADV-2008-0928, SECTRACK:1019628
Industry Reference(s): CVE-2008-1289
Protection Provided by: IPS-1
Who is Vulnerable?
Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3
Asterisk Open Source 1.6.x before 1.6.0-beta6
Asterisk Business Edition C.x.x before C.1.6.1
AsteriskNOW 1.0.x before 1.0.2
Asterisk Appliance Developer Kit before 1.4 revision 109386
s800i 1.1.x before 1.1.0.2
Vulnerability Description
Two buffer overflow vulnerabilities have been reported in the RTP payload handling code of Asterisk that could allow remote attackers to execute arbitrary code.

Vulnerability Status
Two fixes have been added to check the provided data to ensure it does not exceed static buffer sizes.
Vulnerability Details
The first flaw is in the ast_rtp_unset_m_type function in main/rtp.c, which uses an RTP payload number supplied by the remote peer without checking it against the size of a static buffer; a large payload number lets a remote attacker write a zero to an arbitrary memory location. The second flaw is in the process_sdp function in channels/chan_sip.c, which accepts a large number of RTP payloads from an SDP body without checking the count against the static buffer that holds them; this lets a remote attacker write certain integers to an arbitrary memory location and execute arbitrary code.
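The following C program is an added illustration of the two patterns described above, placed here for readers of this advisory; it is not Asterisk's own code. The table size MAX_RTP_PT, the struct layout, the function names ending in _unchecked/_checked, and the minimal "m=" line parser are all assumptions modelled on the description: an out-of-range payload number used as an array index, and an unbounded count of payload numbers copied into a fixed table, each beside the bounds check the fix added.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a fixed-size payload-type table indexed by RTP payload number.
 * The size, field names and struct layout are illustrative, not Asterisk's. */
#define MAX_RTP_PT 256

struct rtp_payload_type {
    int is_ast_format;
    int code;
};

struct rtp_session {
    struct rtp_payload_type current_pt[MAX_RTP_PT];
};

/* Vulnerable pattern: the payload number comes from the peer and is used as an
 * array index with no range check, so a large pt writes zeros far outside the
 * table. Kept only to show the bug; never call it with untrusted input. */
void unset_m_type_unchecked(struct rtp_session *rtp, int pt)
{
    rtp->current_pt[pt].is_ast_format = 0;
    rtp->current_pt[pt].code = 0;
}

/* Hardened pattern: reject any payload number outside the static table before
 * touching memory. Returns 1 if the entry was cleared, 0 if pt was rejected. */
int unset_m_type_checked(struct rtp_session *rtp, int pt)
{
    if (pt < 0 || pt >= MAX_RTP_PT)
        return 0;
    rtp->current_pt[pt].is_ast_format = 0;
    rtp->current_pt[pt].code = 0;
    return 1;
}

/* Hardened SDP handling: collect the payload numbers from an "m=" line into a
 * table of at most max entries, rejecting the whole line if any number is out
 * of range or there are more numbers than the table holds.
 * Returns the number of payloads accepted, or -1 if the line is rejected. */
int parse_m_line(const char *line, int *codecs, int max)
{
    const char *p = strstr(line, "RTP/AVP");
    if (!p)
        return -1;
    p += strlen("RTP/AVP");
    int n = 0;
    for (;;) {
        char *end;
        long pt = strtol(p, &end, 10);   /* skips leading blanks */
        if (end == p)                    /* no more numbers on the line */
            break;
        if (pt < 0 || pt >= MAX_RTP_PT)  /* would index outside the table */
            return -1;
        if (n >= max)                    /* would overflow the codec list */
            return -1;
        codecs[n++] = (int)pt;
        p = end;
    }
    return n;
}

/* Helper: fill a session with a sentinel byte, apply the checked unset, and
 * report 1 only if the call was accepted and the entry was actually cleared. */
int checked_unset_result(int pt)
{
    struct rtp_session s;
    memset(&s, 0x41, sizeof s);
    if (!unset_m_type_checked(&s, pt))
        return 0;
    return s.current_pt[pt].code == 0 && s.current_pt[pt].is_ast_format == 0;
}

/* Helper: parse one line into a local table of MAX_RTP_PT entries,
 * but only allow max of them to be used. */
int parse_count(const char *line, int max)
{
    int codecs[MAX_RTP_PT];
    return parse_m_line(line, codecs, max);
}

int main(void)
{
    /* Constructed SDP lines: one benign, one carrying a payload number far past the table. */
    printf("benign m= line: %d payloads\n",
           parse_count("m=audio 8000 RTP/AVP 0 8 101\r\n", MAX_RTP_PT));
    printf("oversized payload number: %d\n",
           parse_count("m=audio 8000 RTP/AVP 0 99999999\r\n", MAX_RTP_PT));
    printf("pt 96 accepted: %d, pt 1000000 accepted: %d\n",
           checked_unset_result(96), checked_unset_result(1000000));
    return 0;
}
```

The two checks mirror the fix status above: the index is compared against the static table size before the write, and the payload list is rejected as soon as either a single number or the running count would exceed the buffer. Rejecting the whole line rather than silently truncating keeps the caller from operating on a half-parsed media description.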
To configure the defense, select your product from the list below and follow the related protection steps.