Bug#675210: asterisk: AST-2012-008 (CVE-2012-2948): remote crash issue in chan_skinny

Tzafrir Cohen tzafrir at debian.org
Wed May 30 14:36:04 UTC 2012


Package: asterisk
Version: 1:1.8.11.1~dfsg-1
Severity: grave
Tags: upstream patch security
Justification: user security hole

When a skinny session is unregistered, the corresponding device pointer
is set to NULL in the channel private data.  If the client was not in
the on-hook state at the time the connection was closed, the device
pointer can later be dereferenced if a message or channel event attempts
to use a line's pointer to said device.

The patches prevent this from occurring by checking the line's pointer
in message handlers and channel callbacks that can fire after an
unregistration attempt.

Exploiting this requires an established Skinny session, which implies a
configured Skinny (SCCP) device. If you have no idea what this means,
you don't have one.

For Wheezy and Sid, 1.8.12.2 is to be used. For Squeeze, Upstream's
patch has been adapted and is included in the pkg-voip SVN.

-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
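
The failure mode and fix described in this report, as an added example that is not part of the original message and is not Asterisk's code. It is a simplified model in which every struct and function name is a hypothetical stand-in: a line keeps a pointer to its device, unregistration clears it, and a callback that fires afterwards must check the pointer before using it.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model: these are NOT chan_skinny's real types. */
struct device { int messages_sent; };
struct line {
    struct device *device; /* set to NULL when the session unregisters */
    int offhook;           /* non-zero while the handset is off-hook */
    int active_calls;
};

/* Connection closed: the device pointer is cleared, but an off-hook line
 * still owns a call whose callbacks can fire later. */
void unregister_session(struct line *l)
{
    l->device = NULL;
}

/* 'Before' pattern, shown for comparison and never called here: it
 * dereferences l->device unconditionally and faults after unregistration. */
int hangup_unchecked(struct line *l)
{
    l->active_calls--;
    l->device->messages_sent++;
    return 0;
}

/* 'After' pattern: release channel state, then check the pointer before
 * touching the device. Returns -1 when there is no session left to notify. */
int hangup_checked(struct line *l)
{
    if (l->active_calls > 0)
        l->active_calls--;
    if (l->device == NULL)
        return -1;
    l->device->messages_sent++;
    return 0;
}

int main(void)
{
    struct device d = { 0 };
    struct line l = { &d, 1, 1 };   /* constructed state: off-hook, one call */
    int rc;

    unregister_session(&l);         /* client disconnects mid-call */
    rc = hangup_checked(&l);
    printf("late hangup -> %d, calls left %d\n", rc, l.active_calls);
    return 0;
}
```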




