Asterisk – Vulnerability in Asterisk Open Source and Certified Asterisk allow Buffer Overflow

Advisory IDRSN-SIP-1599

Vulnerability Information

A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request.  For more information on the affected versions, CVE-2018-7284 was assigned for this bug.

Release Date

2018-02-25 00:00:00

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. It combines signaling protocol (SIP) with rich multimedia framework and NAT traversal functionality into high level API that is portable and suitable for almost any type of systems ranging from desktops, embedded systems, to mobile handsets.

Technical Information

When processing a SUBSCRIBE request the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed despite having a fixed limit of 32. If more than 32 Accept headers were present the code would write outside of its memory and cause a crash.

Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com

External Resources

Asterisk Project Security Advisory

http://downloads.asterisk.org/pub/security/AST-2018-004.html

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7284