Bug 372793 (CVE-2011-2529) - <net-misc/asterisk-{1.6.2.18.1,1.8.4.3}: Multiple vulnerabilities AST-2011-008, 009, 010 (CVE-2011-{2529,2535})
Status: RESOLVED FIXED
Alias: CVE-2011-2529
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://www.asterisk.org/node/51650
Whiteboard: B1 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-24 09:58 UTC by Tony Vroon (RETIRED)
Modified: 2011-10-24 18:45 UTC

See Also:
Package list:
Runtime testing required: ---


Description Tony Vroon (RETIRED) gentoo-dev 2011-06-24 09:58:20 UTC
AST-2011-008: If a remote user sends a SIP packet containing a null,
Asterisk assumes available data extends past the null to the
end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past
the end of the buffer altering unrelated memory structures.
This vulnerability does not affect TCP/TLS connections.
-- Resolved in 1.6.2.18.1 and 1.8.4.3

AST-2011-009: A remote user sending a SIP packet containing a Contact header
with a missing left angle bracket (<) causes Asterisk to
access a null pointer.
-- Resolved in 1.8.4.3

AST-2011-010: A memory address was inadvertently transmitted over the
network via IAX2 via an option control frame and the remote party would try
to access it.
-- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3

1.4 branch: Not in portage.
1.6.2 branch: Ebuilds in tree, need stable keywords.
1.8 branch: In portage, vulnerable ebuilds axed, no stable keywords.

Arches, please test & stable 1.6.2.18.1. Suggested test procedure is to install the daemon with the default configs and to stop/start the daemon multiple times.
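The length mismatch behind AST-2011-008 described above, as an added C example that is not part of the original bug report and is not Asterisk's code: a string copy stops at the first NUL while the recorded length still covers the whole datagram, and a hardened variant rejects such datagrams so the two stay equal. The struct `sip_req`, both `store_*` functions and the sample packet are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical request holder (not Asterisk's struct): the text buffer plus
 * the length that later header parsing trusts. */
struct sip_req { char data[512]; size_t len; };

/* Constructed UDP payload with a NUL in the middle of the headers. */
static const char SAMPLE[] =
    "OPTIONS sip:a@example.invalid SIP/2.0\r\nVia: x\0Contact: y\r\n\r\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Pattern the advisory describes: the copy stops at the first NUL, but len
 * still records the full datagram size. */
static void store_unchecked(struct sip_req *r, const char *pkt, size_t n)
{
    size_t room = sizeof(r->data) - 1;
    memset(r, 0, sizeof(*r));
    strncpy(r->data, pkt, n < room ? n : room);   /* string copy: truncates */
    r->len = n;                                   /* can exceed strlen(data) */
}

/* Hardened: reject oversize or NUL-bearing datagrams, so len always equals
 * the number of text bytes actually stored. Returns 0 if stored, -1 if not. */
static int store_checked(struct sip_req *r, const char *pkt, size_t n)
{
    memset(r, 0, sizeof(*r));
    if (n >= sizeof(r->data) || memchr(pkt, '\0', n) != NULL)
        return -1;
    memcpy(r->data, pkt, n);
    r->len = n;
    return 0;
}

int main(void)
{
    struct sip_req r;
    store_unchecked(&r, SAMPLE, SAMPLE_LEN);
    printf("unchecked: len=%zu stored=%zu\n", r.len, strlen(r.data));
    printf("checked:   rc=%d\n", store_checked(&r, SAMPLE, SAMPLE_LEN));
    return 0;
}
```

Any parser that walks `len` bytes after the unchecked store is working on bytes that were never copied; the checked store keeps `len == strlen(data)` as an invariant.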
Comment 1 Agostino Sarubbo gentoo-dev 2011-06-24 10:33:09 UTC
amd64 ok
Comment 2 Tony Vroon (RETIRED) gentoo-dev 2011-06-24 10:36:52 UTC
+  24 Jun 2011; Tony Vroon <chainsaw@gentoo.org> asterisk-1.6.2.18.1.ebuild:
+  Mark stable on AMD64 based on arch testing by Agostino "ago" Sarubbo; for
+  security bug #372793.
Comment 3 Ian Delaney (RETIRED) gentoo-dev 2011-06-24 23:49:40 UTC
amd64:

all ok
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-26 16:15:37 UTC
x86 stable
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2011-06-26 16:17:22 UTC
Thanks, everyone. Added to existing GLSA request.
Comment 6 Tony Vroon (RETIRED) gentoo-dev 2011-06-27 08:15:56 UTC
+  27 Jun 2011; Tony Vroon <chainsaw@gentoo.org> -asterisk-1.6.2.17.3.ebuild:
+  Remove last vulnerable ebuild on 1.8 branch now that stabling has been
+  completed for security bug #372793.
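Review bot: the entry text says "on 1.8 branch", but the file removed on its first line is asterisk-1.6.2.17.3.ebuild, which carries a 1.6.2 version number. Suggest the message read "on 1.6.2 branch" so the ChangeLog agrees with the file it records and with the 1.6.2.18.1 stabilisation noted for the same bug.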
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2011-10-24 18:45:57 UTC
This issue was resolved and addressed in
 GLSA 201110-21 at http://security.gentoo.org/glsa/glsa-201110-21.xml
by GLSA coordinator Tim Sammut (underling).