Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 355967 - <net-misc/asterisk-{1.6.2.16.2-r2,1.8.2.4}: Exploitable Stack and Heap Array Overflows When Decoding UDPTL Packets (CVE-2011-1147)
Summary: <net-misc/asterisk-{1.6.2.16.2-r2,1.8.2.4}: Exploitable Stack and Heap Array ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://downloads.asterisk.org/pub/sec...
Whiteboard: B1 [glsa]
Keywords:
Depends on: CVE-2011-0495
Blocks:
  Show dependency tree
 
Reported: 2011-02-22 04:48 UTC by Tim Sammut (RETIRED)
Modified: 2011-10-24 18:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2011-02-22 04:48:32 UTC
From $URL:

When decoding UDPTL packets, multiple stack and heap based arrays can be made to overflow by specially crafted packets. Systems doing T.38 pass through or termination are vulnerable.

...

Corrected In:
Asterisk Open Source
1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
Comment 1 Tony Vroon (RETIRED) gentoo-dev 2011-02-27 19:36:27 UTC
1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the latter masked. Security, please proceed with GLSA vote.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-02-27 19:48:09 UTC
(In reply to comment #1)
> 1.6.2.16.2 & 1.8.2.4 are both in the portage tree, the former stable and the
> latter masked. Security, please proceed with GLSA vote.
> 

Thanks, Tony. No vote required. GLSA request filed (with 352059).
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2011-06-13 18:18:50 UTC
CVE-2011-1147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1147):
  Multiple stack-based and heap-based buffer overflows in the (1)
  decode_open_type and (2) udptl_rx_packet functions in main/udptl.c in
  Asterisk Open Source 1.4.x before 1.4.39.2, 1.6.1.x before 1.6.1.22, 1.6.2.x
  before 1.6.2.16.2, and 1.8 before 1.8.2.4; Business Edition C.x.x before
  C.3.6.3; AsteriskNOW 1.5; and s800i (Asterisk Appliance), when T.38 support
  is enabled, allow remote attackers to cause a denial of service (crash) and
  possibly execute arbitrary code via a crafted UDPTL packet.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2011-10-24 18:45:40 UTC
This issue was resolved and addressed in
 GLSA 201110-21 at http://security.gentoo.org/glsa/glsa-201110-21.xml
by GLSA coordinator Tim Sammut (underling).