Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Asterisk Buffer Overflow Vulnerabilities

Subscribe

Check Point Reference: CPAI-2008-210
Date Published:
Severity:
Source: Asterisk.org/node/48466
FRSIRT:ADV-2008-0928
SECTRACK:1019628
Industry Reference(s): CVE-2008-1289
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Asterisk Open Source 1.4.x before 1.4.18.1 and 1.4.19-rc3
Astersik Open Source 1.6.x before 1.6.0-beta6
Asterisk Business Edition C.x.x before C.1.6.1
AsteriskNOW 1.0.x before 1.0.2
Asterisk Appliance Developer Kit before 1.4 revision 109386
s800i 1.1.x before 1.1.0.2
Vulnerability Description
Two buffer overflow vulnerabilities have been reported in the RTP payload handling code of Asterisk that could allow remote attackers to execute arbitrary code.
Vulnerability Status
Two fixes have been added to check the provided data to ensure it does not exceed static buffer sizes.
Vulnerability Details
A vulnerability in Asterisk could allow remote attackers to execute a buffer overflow by writing a zero to an arbitrary memory location via a large RTP payload number, related to the ast_rtp_unset_m_type function in main/rtp.c.
A second vunerability in Asterisk could allow remote attackers to execute arbitrary code by writing certain integers to an arbitrary memory location via a large number of RTP payloads, related to the process_sdp function in channels/chan_sip.c.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 and IPS-1 NGX R65

How Can I Protect My Network?
Networks can be protected from potential exploits of this buffer overflow vulnerability by updating IPS-1 sensors with this protection.

How Do I Know if My Network is Under Attack?
A sip_digium:cve_2008_1289_count_alert will be generated when the first buffer overflow vulnerability is being exploited.
A sip_digium:cve_2008_1289_number_alert will be generated when the second vulnerability being exploited.