Condorlab

PJSIP – Bug in PJSIP Allows Remote Unauthenticated Sessions


Advisory ID: RSN-SIP-1780


Vulnerability Information

 

An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and older, 15.1.4 and older, and 13.18-cert1 and older. A select set of SIP messages creates a dialog in Asterisk, and those messages must contain a Contact header. CVE-2017-17850 was assigned to this bug; see that entry for more information on the affected versions.


 

Release Date

2017-12-13 00:00:00

 

Asterisk is a PBX that can be deployed on Linux, BSD, OS X, Solaris and Microsoft Windows systems and provides all the functionality of a PBX. Asterisk implements voice over IP over four protocols (SIP, H.323, MGCP, IAX), allowing interoperation with almost all standards-based telephony equipment, using relatively inexpensive hardware.


Technical Information

 

 

A select set of SIP messages creates a dialog in Asterisk, and those messages must contain a Contact header. When Asterisk was using the PJSIP channel driver and received one of those messages without the header, it crashed. The severity of this vulnerability is somewhat mitigated if authentication is enabled: a user would first have to be authorized before reaching the crash point.
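A detection check for the condition described above, as an added example that is not part of the advisory or of Asterisk: it parses raw SIP messages and flags dialog-creating requests that carry no Contact header. The method set (INVITE, SUBSCRIBE, REFER, per RFC 3261, RFC 6665 and RFC 3515) is an assumption, since the advisory does not name the affected methods; the function names are hypothetical and the sample messages are constructed.

```python
# Added example: flag dialog-creating SIP requests without a Contact header.
# Assumption: method set per RFC 3261/6665/3515; the advisory names no methods.
DIALOG_METHODS = {"INVITE", "SUBSCRIBE", "REFER"}
CONTACT_NAMES = {"contact", "m"}  # "m" is the RFC 3261 compact form


def parse_request(raw: bytes):
    """Return (method, header_names) for a SIP request, else None."""
    text = raw.decode("utf-8", "replace").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")  # headers only, never the body
    parts = lines[0].split(" ")
    # Request-Line is "METHOD Request-URI SIP/2.0"; a response starts with "SIP/".
    if len(parts) != 3 or parts[0].startswith("SIP/") or not parts[2].startswith("SIP/"):
        return None
    names = set()
    for line in lines[1:]:
        if line[:1] in (" ", "\t"):  # folded continuation line, not a new header
            continue
        name, sep, _ = line.partition(":")
        if sep:
            names.add(name.strip().lower())
    return parts[0], names


def missing_contact(raw: bytes) -> bool:
    """True for a dialog-creating request that has no Contact header."""
    parsed = parse_request(raw)
    return parsed is not None and parsed[0] in DIALOG_METHODS and not (parsed[1] & CONTACT_NAMES)


def _msg(start, headers, body=""):
    return "\r\n".join([start, *headers, "", body]).encode()


# Constructed sample messages (documentation addresses, not captured traffic).
BASE = ["Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bKconstructed",
        "From: <sip:alice@example.com>;tag=1", "To: <sip:bob@example.com>",
        "Call-ID: constructed-1@192.0.2.10", "CSeq: 1 INVITE"]
URI = "sip:bob@example.com SIP/2.0"
SAMPLES = {
    "invite_ok": _msg("INVITE " + URI, BASE + ["Contact: <sip:alice@192.0.2.10>"]),
    "invite_compact": _msg("INVITE " + URI, BASE + ["m: <sip:alice@192.0.2.10>"]),
    "invite_missing": _msg("INVITE " + URI, BASE, "Contact: appears only in the body"),
    "subscribe_missing": _msg("SUBSCRIBE " + URI, BASE),
    "options_missing": _msg("OPTIONS " + URI, BASE),
    "response": _msg("SIP/2.0 200 OK", BASE),
}
FLAGGED = [name for name, raw in SAMPLES.items() if missing_contact(raw)]
print(FLAGGED)
```

The same check can run on a SIP-aware proxy or over captured signalling to surface such requests before they reach an unpatched PJSIP endpoint.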


Solutions

 

 

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VoIP networks, endpoints and applications. Its research team, Condor-Labs.com, is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

 

Asterisk Project Security Advisory

http://downloads.asterisk.org/pub/security/AST-2017-014.html

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2017-17850