Bug#614580: asterisk: AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code
Tzafrir Cohen
tzafrir at cohens.org.il
Tue Feb 22 12:35:58 UTC 2011
Package: asterisk
Version: 1:1.6.2.9-2+squeeze1
Justification: user security hole
Severity: grave
Tags: security patch upstream
The Asterisk project has reported security advisory ASA-2011-002
http://downloads.asterisk.org/pub/security/AST-2011-002.html
(No CVE ATM)
"When decoding UDPTL packets, multiple stack and heap based arrays can
be made to overflow by specially crafted packets. Systems doing T.38
pass through or termination are vulnerable."
Patches were already submitted to the respective branches in the
pkg-voip SVN repo:
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8797 - Squeeze
http://svn.debian.org/viewsvn/pkg-voip?view=rev&revision=8800 - Lenny
Workaround:
As a workaround, in case the patch has not yet been applied, you can
disable the T.38 functionality (versions in Debian stable / oldstable
only have T.38 passthrough capabilities).
* In chan_sip this is only enabled if 't38pt_udptl' was enabled for any
specific peer/user.
* chan_ooh323 (only in stable, not in oldstable. Only needed if you
installed asterisk-ooh323) needs to be disabled altogether. e.g. set
in modules.conf in the section [modules]:
noload => chan_ooh323.so
--
Tzafrir Cohen | tzafrir at jabber.org | VIM is
http://tzafrir.org.il | | a Mutt's
tzafrir at cohens.org.il | | best
tzafrir at debian.org | | friend
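
The workaround above can be checked mechanically. The following is an added example, not part of the original report or of the Asterisk or Debian code: it scans the text of sip.conf for sections where 't38pt_udptl' is not explicitly off and checks modules.conf for the noload line. The function names, the sample files and the list of false values are assumptions made for the example.

```python
import re

# Assumption: values Asterisk reads as "false"; anything else is flagged.
FALSE_VALUES = {"no", "false", "n", "f", "0", "off"}

def parse_conf(text):
    """Yield (section, key, value) from Asterisk-style config text.
    Simplified: '#include' is not followed and '\\;' escapes are ignored."""
    section = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)   # also matches [name](template)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)        # handles both '=' and '=>'
            yield section, key.strip().lower(), value.lstrip(">").strip()

def t38_sections(sip_conf):
    """sip.conf sections whose final t38pt_udptl value is not explicitly off."""
    state = {}
    for section, key, value in parse_conf(sip_conf):
        if key == "t38pt_udptl":
            state[section] = value.split(",")[0].strip().lower() not in FALSE_VALUES
    return [s for s, on in state.items() if on]

def ooh323_noload(modules_conf):
    """True if [modules] carries the 'noload => chan_ooh323.so' line."""
    return any(s == "modules" and k == "noload" and v == "chan_ooh323.so"
               for s, k, v in parse_conf(modules_conf))

# Constructed sample files, not taken from a real system.
SAMPLE_SIP = """\
[general]
t38pt_udptl = no
[fax-gw]
type=peer
t38pt_udptl = yes,redundancy   ; T.38 passthrough on
[phone1]
type=friend
t38pt_udptl=no
"""
SAMPLE_MODULES = """\
[modules]
autoload=yes
noload => chan_ooh323.so
"""

if __name__ == "__main__":
    print("T.38 enabled in:", t38_sections(SAMPLE_SIP) or "none")
    print("chan_ooh323 noload present:", ooh323_noload(SAMPLE_MODULES))
```

A setting in [general] is reported as its own section because it applies as the default for peers that do not override it.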