Alpine: multiple asterisk packages: security update to 18.1.1-r0 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 400268

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- An issue was discovered in Sangoma Asterisk 16.x before 16.16.1, 17.x before 17.9.2, and 18.x before
18.2.1 and Certified Asterisk before 16.8-cert6. When re-negotiating for T.38, if the initial remote
response was delayed just enough, Asterisk would send both audio and T.38 in the SDP. If this happened,
and the remote responded with a declined T.38 stream, then Asterisk would crash. (CVE-2021-26717)

- A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1,
17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon receiving a new
SIP Invite, Asterisk did not return the created dialog locked or referenced. This caused a gap between the
creation of the dialog object, and its next use by the thread that created it. Depending on some off-
nominal circumstances and timing, it was possible for another thread to free said dialog in this gap.
Asterisk could then crash when the dialog object, or any of its dependent objects, were dereferenced or
accessed next by the initial-creation thread. Note, however, that this crash can only occur when using a
connection-oriented protocol (e.g., TCP or TLS, but not UDP) for SIP transport. Also, the remote client
must be authenticated, or Asterisk must be configured for anonymous calling. (CVE-2020-28327)

- An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x
before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is
received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that
contains a tel-uri in the Diversion header. (CVE-2020-35652)

- A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and
18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
(CVE-2020-35776)

- Incorrect access controls in res_srtp.c in Sangoma Asterisk 13.38.1, 16.16.0, 17.9.1, and 18.2.0 and
Certified Asterisk 16.8-cert5 allow a remote unauthenticated attacker to prematurely terminate secure
calls by replaying SRTP packets. (CVE-2021-26712)

See Also

https://git.alpinelinux.org/aports/commit/?id=26818766067e174223aafe58d87c5778677f9f58

https://git.alpinelinux.org/aports/commit/?id=9d426cf7a7701ee6707224d3e9f6d07553a56de1

Plugin Details

Severity: High

ID: 400268

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2021-26717

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/24/2021

Vulnerability Publication Date: 11/6/2020

Reference Information

CVE: CVE-2020-28327, CVE-2020-35652, CVE-2020-35776, CVE-2021-26712, CVE-2021-26713, CVE-2021-26717, CVE-2021-26906