Bug 939159 - <net-misc/asterisk-{18.24.3,20.9.3,21.4.3}: denial of service (crash) bug
Summary: <net-misc/asterisk-{18.24.3,20.9.3,21.4.3}: denial of service (crash) bug
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/asterisk/asterisk/...
Whiteboard: B3 [glsa+]
Keywords: PullRequest
Depends on: 940339
Blocks:
Reported: 2024-09-06 06:17 UTC by Jaco Kroon
Modified: 2024-12-07 09:01 UTC (History)

See Also:
Package list:
Runtime testing required: ---


Description Jaco Kroon 2024-09-06 06:17:44 UTC
As my one lecturer used to say ... most crashes due to malformed data can be used for code injection and execution.  This is harder on recent hardware where NX protection is properly used but still.  There are workarounds available too.

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2024-09-27 05:57:01 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8939f531f32cf666ad9f07ec75a695e228f9913

commit f8939f531f32cf666ad9f07ec75a695e228f9913
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-09-06 06:41:18 +0000
Commit:     Eli Schwartz <eschwartz@gentoo.org>
CommitDate: 2024-09-27 05:55:57 +0000

    net-misc/asterisk: add 21.4.3, drop 21.4.2 (security)
    
    See-also: https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
    Bug: https://bugs.gentoo.org/939159
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Closes: https://github.com/gentoo/gentoo/pull/38476
    Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

 net-misc/asterisk/Manifest                                           | 2 +-
 net-misc/asterisk/{asterisk-21.4.2.ebuild => asterisk-21.4.3.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e20fe91ef242dcf70bf3ed0bf9af684011c34b7

commit 3e20fe91ef242dcf70bf3ed0bf9af684011c34b7
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-09-06 06:40:14 +0000
Commit:     Eli Schwartz <eschwartz@gentoo.org>
CommitDate: 2024-09-27 05:55:57 +0000

    net-misc/asterisk: add 20.9.3, drop 20.9.2 (security)
    
    See-also: https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
    Bug: https://bugs.gentoo.org/939159
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

 net-misc/asterisk/Manifest                                           | 2 +-
 net-misc/asterisk/{asterisk-20.9.2.ebuild => asterisk-20.9.3.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e58277c953cdde9bbdb321af088f9a40d946b58

commit 3e58277c953cdde9bbdb321af088f9a40d946b58
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2024-09-06 06:19:41 +0000
Commit:     Eli Schwartz <eschwartz@gentoo.org>
CommitDate: 2024-09-27 05:55:56 +0000

    net-misc/asterisk: add 18.24.3 (security)
    
    See-also: https://github.com/asterisk/asterisk/security/advisories/GHSA-v428-g3cw-7hv9
    Bug: https://bugs.gentoo.org/939159
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Eli Schwartz <eschwartz@gentoo.org>

 net-misc/asterisk/Manifest                |   1 +
 net-misc/asterisk/asterisk-18.24.3.ebuild | 371 ++++++++++++++++++++++++++++++
 2 files changed, 372 insertions(+)
Comment 2 Jaco Kroon 2024-09-28 12:51:35 UTC
My part is done, handing over to security team to make a call as to GLSA.

My personal opinion is that this is unlikely to be a remote take-over; however, it's unclear if the attacker needs to be authenticated or not in order to trigger this crash, even though the wording of the GHSA insinuates that it's only for valid endpoints (i.e., authenticated users), and users who can manipulate the dialplan (trusted) and generate Originate() requests (which again, are trusted and authenticated users in the usual case).
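A check for the affected range given in the bug summary, `<net-misc/asterisk-{18.24.3,20.9.3,21.4.3}`, written as an added example for this page and not Gentoo's or Asterisk's own tooling. It assumes the brace form means "below the named fix release within the same major branch", reports majors the summary does not list (for example 19.x) as not covered by this bug, and reads the installed version on a Gentoo host with `portageq match`; the version strings in the test are constructed.

```python
"""Is the installed net-misc/asterisk below the fix release for its branch?

Added example for Gentoo bug 939159, not project code. Fix releases come from
the bug summary: <net-misc/asterisk-{18.24.3,20.9.3,21.4.3}.
"""
import re
import subprocess
from typing import Optional

# Fix release per major branch, taken from the bug summary.
FIXED_BY_BRANCH = {18: (18, 24, 3), 20: (20, 9, 3), 21: (21, 4, 3)}

# Accepts upstream versions ('21.4.2') and Gentoo forms with a patch-level
# (_pN) or revision (-rN) suffix ('20.9.3-r1').
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:_p\d+)?(?:-r\d+)?$")


def parse_version(version: str) -> tuple[int, int, int]:
    """Return (major, minor, patch) for an Asterisk/Gentoo version string.

    _pN and -rN suffixes are dropped: they sort above their base release and
    the fix releases carry no suffix, so the base triple decides the check.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(version: str) -> Optional[bool]:
    """True if below the fix release of its branch, False if at or above it,
    None if the major branch is not one this bug lists (assumption: such
    branches are simply not covered by this bug, not known-safe)."""
    parsed = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(parsed[0])
    if fixed is None:
        return None
    return parsed < fixed


def installed_asterisk_version() -> Optional[str]:
    """Ask Portage for the installed net-misc/asterisk version, or None.

    `portageq match / net-misc/asterisk` prints matching installed atoms such
    as 'net-misc/asterisk-21.4.2'; the highest one is taken.
    """
    try:
        out = subprocess.run(
            ["portageq", "match", "/", "net-misc/asterisk"],
            capture_output=True, text=True, check=True,
        ).stdout
    except (OSError, subprocess.CalledProcessError):
        return None
    atoms = out.split()
    if not atoms:
        return None
    return atoms[-1].removeprefix("net-misc/asterisk-")


if __name__ == "__main__":
    installed = installed_asterisk_version()
    if installed is None:
        print("net-misc/asterisk not installed (or portageq unavailable)")
    else:
        label = {True: "AFFECTED (below fix release)",
                 False: "fixed",
                 None: "branch not covered by bug 939159"}
        print(f"net-misc/asterisk-{installed}: {label[is_affected(installed)]}")
```

Run it on the host as-is, or call `is_affected()` directly with a version string taken from `emerge -pv net-misc/asterisk` output; a `None` result means the branch needs checking against the upstream advisory rather than this bug's range.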
Comment 3 Larry the Git Cow gentoo-dev 2024-12-07 08:58:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=1b2cfc5c5940faf8ff73b87693e360a0a5ae20b5

commit 1b2cfc5c5940faf8ff73b87693e360a0a5ae20b5
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-12-07 08:58:41 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-12-07 08:58:50 +0000

    [ GLSA 202412-03 ] Asterisk: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/771318
    Bug: https://bugs.gentoo.org/803440
    Bug: https://bugs.gentoo.org/838391
    Bug: https://bugs.gentoo.org/884797
    Bug: https://bugs.gentoo.org/920026
    Bug: https://bugs.gentoo.org/937844
    Bug: https://bugs.gentoo.org/939159
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202412-03.xml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 64 insertions(+)