Bug#482997: asterisk: Remote Crash Vulnerability in SIP channel driver when run in pedantic mode (CVE-2008-2119)
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Mon Jun 9 11:52:56 UTC 2008
On Mon, Jun 09, 2008 at 01:12:21PM +0200, Torgeir S. wrote:
> On Fri, Jun 06, 2008 at 10:01:01AM +0300, Faidon Liambotis wrote:
> > Ketil Vestby wrote:
> >> No problem for me, but I got the weekend filled so I dont think I can
> >> test much of it before monday
> > OK, I'll try to test it myself, but a) my weekend is probably filled up
> > as well :( b) you reported the bug in the first place, so it'd be best
> > if you could confirm it's gone.
> >
> >>> I can point you to binary packages if you prefer.
> >>
> >> I do :-)
> > http://people.debian.org/~paravoid/asterisk-2etch5/
> >
> > Torgeir, you could test them too if you'd like.
>
> 2etch5 was tested today. Unfortunately, asterisk died with a segfault (both when
> executed with /etc/init.d/asterisk and /usr/sbin/asterisk -vvvvv)
>
> It looked like it had something to do with IAX, as it died right after
> saying:
>
> (snip)
> == Registered channel type 'IAX2' (Inter Asterisk eXchange Driver (Ver 2))
> == IAX Ready and Listening
> Segmentation fault
>
> When I moved our iax.conf to iax.conf.OLD, asterisk didn't segfault and started normally:
>
> Asterisk Ready.
>
> It appears, after some commenting/uncommenting of config directives in
> /etc/asterisk/iax.conf, that asterisk 2etch5 will segfault if >1 peer
> has the same value in the host= directive.
Actually I'd say that this crash was caused by the module loaded right
after chan_iax2.so .
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list