[3.4] asterisk: Multiple vulnerabilities (CVE-2017-16671, CVE-2017-16672, CVE-2017-17090, CVE-2017-17664, CVE-2017-17850)
CVE-2017-16671: Buffer overflow in CDR’s set user
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before
13.18.1, 14 before 14.7.1, and 15 before 15.1.1
and Certified Asterisk 13.13 before 13.13-cert7. No size checking is
done when setting the user field for Party B on a CDR. Thus, it is
possible for someone to use an arbitrarily large string and write past
the end of the user field storage buffer.
http://downloads.asterisk.org/pub/security/AST-2017-010.html
https://nvd.nist.gov/vuln/detail/CVE-2017-16671
CVE-2017-16672: Memory/File Descriptor/RTP leak in pjsip session resource
An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14
before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13
before 13.13-cert7. A memory leak occurs when an Asterisk pjsip session
object is created and that call gets rejected before the session
itself is fully established. When this happens the session object never
gets destroyed. Eventually Asterisk can run out of memory and crash.
References:
http://downloads.asterisk.org/pub/security/AST-2017-011.html
https://nvd.nist.gov/vuln/detail/CVE-2017-16672
CVE-2017-17090: DOS Vulnerability in Asterisk chan_skinny (3.7, 3.6-3.4)
If the chan_skinny (AKA SCCP protocol) channel driver is flooded with
certain requests it can cause the asterisk process
to use excessive amounts of virtual memory eventually causing asterisk
to stop processing requests of any kind.
Fixed In Version:
asterisk 13.18.3, asterisk 14.7.3, asterisk 15.1.3
References:
http://downloads.asterisk.org/pub/security/AST-2017-013.html
https://nvd.nist.gov/vuln/detail/CVE-2017-17090
CVE-2017-17664: Remote Crash Vulnerability in RTCP Stack
A Remote Crash issue was discovered in Asterisk Open Source 13.x before
13.18.4, 14.x before 14.7.4, and 15.x before 15.1.4
and Certified Asterisk before 13.13-cert9. Certain compound RTCP packets
cause a crash in the RTCP Stack.
Fixed In Version:
asterisk 13.18.4, asterisk 14.7.4, asterisk 15.1.4
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17664
http://downloads.asterisk.org/pub/security/AST-2017-012.html
CVE-2017-17850: Crash in PJSIP resource when missing a contact header
An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older,
15.1.4 and older, and 13.18-cert1 and older. A select set of SIP
messages
create a dialog in Asterisk. Those SIP messages must contain a contact
header. For those messages, if the header was not
present and the PJSIP channel driver was used, Asterisk would crash.
Fixed In Version:
asterisk 13.18.5, 14.7.5, 15.1.5
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17850
http://downloads.asterisk.org/pub/security/AST-2017-014.html
(from redmine: issue id 8356, created on 2017-12-28, closed on 2018-01-12)
- Relations:
- parent #8352 (closed)
- Changesets:
- Revision 5efa95d6 by Timo Teräs on 2017-12-29T07:12:54Z:
main/asterisk: security upgrade to 13.18.5
fixes #8356
AST-2017-009 Buffer overflow in pjproject header parsing can cause crash
AST-2017-010 Buffer overflow in CDR's set user
AST-2017-011 Memory leak in pjsip session resource
AST-2017-012 Remote Crash Vulnerability in RTCP Stack
AST-2017-013 DOS Vulnerability in Asterisk chan_skinny
AST-2017-014 Crash in PJSIP resource when missing a contact header