Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 719
    • Issues 719
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 325
    • Merge requests 325
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #10790
Closed
Open
Created Sep 10, 2019 by Alicha CH@alichaReporter5 of 5 tasks completed5/5 tasks

asterisk: Multiple vulnerabilities (CVE-2018-19278, CVE-2019-7251, CVE-2019-12827, CVE-2019-13161, CVE-2019-15297, CVE-2019-15639)

CVE-2018-19278: Remote crash vulnerability DNS SRV and NAPTR lookups

There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker’s request causes Asterisk to segfault and crash.

Affected Versions:

Asterisk 15.x All releases, 16.x All releases

Fixed In Version:

Asterisk 15.6.2 , 16.0.1

  • master: 04e63b7e
  • 3.10-stable: 04e63b7e
  • 3.9-stable: 04e63b7e

Reference:

http://downloads.asterisk.org/pub/security/AST-2018-010.html

CVE-2019-7251: Remote crash vulnerability with SDP protocol violation

When Asterisk makes an outgoing call, a very specific SDP protocol violation by the remote party can cause Asterisk to crash.

Affected Versions:

Asterisk 15.x All releases, 16.x All releases

Fixed In Version:

Asterisk 15.7.2, 16.2.1

  • master: a752e63b
  • 3.10-stable: a752e63b

Reference:

http://downloads.asterisk.org/pub/security/AST-2019-001.html

CVE-2019-12827: Remote crash vulnerability with MESSAGE messages

A specially crafted SIP in-dialog MESSAGE message can cause Asterisk to crash.

Affected Versions:

Asterisk 13.x All releases, 15.x All releases, 16.x All releases

Fixed In Version:

Asterisk 13.27.1, 15.7.3, 16.4.1

  • master: cd7e79e4

Reference:

http://downloads.asterisk.org/pub/security/AST-2019-002.html

CVE-2019-13161: Remote Crash Vulnerability in chan_sip channel driver

When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.

This requires Asterisk to initiate a T.38 reinvite which is only done when executing the ReceiveFax dialplan application or performing T.38 passthrough where a remote endpoint has requested T.38.

Affected Versions:

Asterisk 13.x All releases, 15.x All releases, 16.x All releases

Fixed In Version:

Asterisk 13.27.1, 15.7.3, 16.4.1

  • master: cd7e79e4

Reference:

http://downloads.asterisk.org/pub/security/AST-2019-003.html

CVE-2019-15297: Crash when negotiating for T.38 with a declined stream

When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a declined media stream a crash will then occur in Asterisk.

Affected Versions:

Asterisk 15.x All releases, 16.x All releases

Fixed In Version:

Asterisk 15.7.4, 16.5.1

References:

http://downloads.asterisk.org/pub/security/AST-2019-004.html

CVE-2019-15639: Remote Crash Vulnerability in audio transcoding

When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.

This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the “genericplc” option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.

Note that there may be other scenarios that have not been found which can cause an audio frame with no origin to be given to the audio transcoding support and thus cause a crash.

Affected Versions:

Asterisk 13.x 13.28.0, 16.x 16.5.0

Fixed In Version:

Asterisk 13.28.1, 16.5.1

Reference:

http://downloads.asterisk.org/pub/security/AST-2019-005.html

Affected branches:

  • master
  • 3.10-stable
  • 3.9-stable
  • 3.8-stable
  • 3.7-stable
Edited Sep 17, 2019 by Leonardo Arena
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking