Asterisk main/utils.c ast_uri_encode() CallerID Information Overflow (AST-2011-001)

This script is Copyright (C) 2011-2014 Tenable Network Security, Inc.


Synopsis :

The version of Asterisk installed on the remote host contains a
buffer overflow vulnerability.

Description :

Using a specially crafted caller ID string, an authenticated user
placing an outgoing call through the remote Asterisk server can cause
a buffer overflow leading to an application crash or execution of
arbitrary code.

Successful exploitation may require that the SIP channel driver is
configured with the 'pedantic' option enabled.

See also :

http://downloads.asterisk.org/pub/security/AST-2011-001.html

Solution :

Upgrade to Asterisk 1.4.38.1 / 1.4.39.1 / 1.6.1.21 / 1.6.2.15.1 /
1.6.2.16.1 / 1.8.1.2 / 1.8.2.2, Asterisk Business Edition C.3.6.2 or
later.

Risk factor :

Medium / CVSS Base Score : 6.5
(CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P)
CVSS Temporal Score : 4.8
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Gain a shell remotely

Nessus Plugin ID: 51644 ()

Bugtraq ID: 45839

CVE ID: CVE-2011-0495