Alpine: multiple asterisk packages: security update to 15.2.0-r0 (deprecated)

Severity: High. Tenable Cloud Security Plugin ID 400774

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through
15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the
res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This
code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32
Accept headers were present, the code would write outside of its memory and cause a crash. (CVE-2018-7284)

- A NULL pointer access issue was discovered in Asterisk 15.x through 15.2.1. The RTP support in Asterisk
maintains its own registry of dynamic codecs and desired payload numbers. While an SDP negotiation may
result in a codec using a different payload number, these desired ones are still stored internally. When
an RTP packet was received, this registry would be consulted if the payload number was not found in the
negotiated SDP. This registry was incorrectly consulted for all packets, even those which are dynamic. If
the payload number resulted in a codec of a different type than the RTP stream (for example, the payload
number resulted in a video codec but the stream carried audio), a crash could occur if no stream of that
type had been negotiated. This was due to the code incorrectly assuming that a stream of that type would
always exist. (CVE-2018-7285)

- An issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and
Certified Asterisk through 13.18-cert2. res_pjsip allows remote authenticated users to crash Asterisk
(segmentation fault) by sending a number of SIP INVITE messages on a TCP or TLS connection and then
suddenly closing the connection. (CVE-2018-7286)

- An issue was discovered in res_http_websocket.c in Asterisk 15.x through 15.2.1. If the HTTP server is
enabled (default is disabled), WebSocket payloads of size 0 are mishandled (with a busy loop).
(CVE-2018-7287)
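The bug class behind the CVE-2018-7284 item above (a fixed 32-slot array filled from an unbounded number of Accept headers) is closed by checking capacity before every store. The following C sketch is an added example, not Asterisk or PJSIP code and not the project's patch. The names `accept_list`, `collect_accept`, `build_sample`, the 64-byte value size and the simplified line-based header parser are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#define MAX_ACCEPT 32  /* fixed limit quoted in the CVE-2018-7284 text */
#define ACCEPT_LEN 64  /* assumed per-value buffer size (example only) */

struct accept_list {
    char   fmt[MAX_ACCEPT][ACCEPT_LEN];
    size_t count;    /* values stored, never more than MAX_ACCEPT */
    size_t dropped;  /* values seen once the array was full */
};

/* The capacity check before each store keeps header 33+ out of memory past fmt[]. */
void collect_accept(const char *msg, struct accept_list *al)
{
    al->count = al->dropped = 0;
    while (*msg) {
        size_t len = strcspn(msg, "\r\n");
        if (len == 0) break;                 /* blank line ends the headers */
        if (len > 7 && strncasecmp(msg, "Accept:", 7) == 0) {
            const char *v = msg + 7 + strspn(msg + 7, " \t");
            size_t vlen = len - (size_t)(v - msg);
            if (al->count >= MAX_ACCEPT) {
                al->dropped++;               /* count it, never write */
            } else {
                if (vlen >= ACCEPT_LEN) vlen = ACCEPT_LEN - 1;  /* truncate */
                memcpy(al->fmt[al->count], v, vlen);
                al->fmt[al->count++][vlen] = '\0';
            }
        }
        msg += len;
        msg += (*msg == '\r'); msg += (*msg == '\n');  /* step over one CRLF */
    }
}

/* Constructed sample input: a SUBSCRIBE carrying n Accept headers. */
void build_sample(char *buf, size_t cap, int n)
{
    size_t off = (size_t)snprintf(buf, cap, "SUBSCRIBE sip:100@example.invalid SIP/2.0\r\n");
    for (int i = 0; i < n && off + 40 < cap; i++)
        off += (size_t)snprintf(buf + off, cap - off, "Accept: application/x-test%d\r\n", i);
    snprintf(buf + off, cap - off, "\r\n");
}

int main(void)
{
    char msg[4096]; struct accept_list al;
    build_sample(msg, sizeof msg, 40);
    collect_accept(msg, &al);
    return printf("stored=%zu dropped=%zu\n", al.count, al.dropped) < 0;
}
```

A non-zero `dropped` count is also a useful signal to log, since ordinary SUBSCRIBE requests rarely carry anywhere near 32 Accept headers.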

See Also

https://git.alpinelinux.org/aports/commit/?id=12119c5b8165b6fcf4ed517415c1ca474f141b43

https://git.alpinelinux.org/aports/commit/?id=f0ae460f0cc464900bdb9a9265254e00d0da42f1

Plugin Details

Severity: High

ID: 400774

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-7285

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/22/2018

Vulnerability Publication Date: 2/21/2018

Reference Information

CVE: CVE-2018-7284, CVE-2018-7285, CVE-2018-7286, CVE-2018-7287

BID: 103120, 103129, 103149, 103151

IAVA: 2018-A-0064-S