Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIP_HEADER dialplan function can exceed the available buffer space for storing the new value of a header. By doing so this can overwrite memory or cause a crash. This is not externally exploitable, unless dialplan is explicitly written to update a header based on data from an outside source. If the 'update' functionality is not used the vulnerability does not occur. A patch is available at commit a1ca0268254374b515fa5992f01340f7717113fa.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3696 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-3696-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                      Markus Koschany     December 28, 2023                             https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : asterisk     Version        : 1:16.28.0~dfsg-0+deb10u4     CVE ID         : CVE-2023-37457 CVE-2023-38703 CVE-2023-49294 CVE-2023-49786     Debian Bug     : 1059303 1059032 1059033

    Multiple security vulnerabilities have been discovered in Asterisk, an Open     Source Private Branch Exchange.

    CVE-2023-37457

        The 'update' functionality of the PJSIP_HEADER dialplan function can exceed         the available buffer space for storing the new value of a header. By doing         so this can overwrite memory or cause a crash. This is not externally         exploitable, unless dialplan is explicitly written to update a header based         on data from an outside source. If the 'update' functionality is not used         the vulnerability does not occur.

    CVE-2023-38703

        PJSIP is a free and open source multimedia communication library written in         C with high level API in C, C++, Java, C#, and Python languages. SRTP is a         higher level media transport which is stacked upon a lower level media         transport such as UDP and ICE. Currently a higher level transport is not         synchronized with its lower level transport that may introduce a         use-after-free issue. This vulnerability affects applications that have         SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media         transport other than UDP. This vulnerabilitys impact may range from         unexpected application termination to control flow hijack/memory         corruption.

    CVE-2023-49294

        It is possible to read any arbitrary file even when the `live_dangerously`         option is not enabled.

    CVE-2023-49786

       Asterisk is susceptible to a DoS due to a race condition in the hello        handshake phase of the DTLS protocol when handling DTLS-SRTP for media        setup. This attack can be done continuously, thus denying new DTLS-SRTP        encrypted calls during the attack. Abuse of this vulnerability may lead to        a massive Denial of Service on vulnerable Asterisk servers for calls that        rely on DTLS-SRTP.

    For Debian 10 buster, these problems have been fixed in version     1:16.28.0~dfsg-0+deb10u4.

    We recommend that you upgrade your asterisk packages.

    For the detailed security status of asterisk please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/asterisk

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: This is a digitally signed message part

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202412-03 (Asterisk: Multiple Vulnerabilities)

    Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced     below for details.

Tenable has extracted the preceding description block directly from the Gentoo Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
214468	Debian dla-3696 : asterisk - security update	Nessus	Debian Local Security Checks	critical
212188	GLSA-202412-03 : Asterisk: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	critical

Detections

Analytics

CVE-2023-37457

high

Tenable Plugins

critical

critical