Asterisk 13.13 < 13.13-cert4 / 13.x < 13.15.1 / 14.x < 14.4.1 Multiple Vulnerabilities (AST-2017-002 - AST-2017-004)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

A telephony application running on the remote host is affected by
multiple vulnerabilities.

Description :

According to its SIP banner, the version of Asterisk running on the
remote host is 13.13 prior to 13.13-cert4, 13.x prior to 13.15.1, or
14.x prior to 14.4.1. It is, therefore, affected by multiple
vulnerabilities :

- An out-of-bounds read error exists in the multi-part
body parser in PJSIP due to reading memory outside the
allowed boundaries. An unauthenticated, remote attacker
can exploit this, via specially crafted packets, to
trigger an invalid read, resulting in a denial of
service condition. (VulnDB 157966)

- A denial of service vulnerability exists in 'partial
data' message logging when 'chan_skinny' is enabled and
an SCCP packet is received that is larger than the
length of the SCCP header but smaller than the packet
length specified in the header. The loop that reads the
rest of the packet fails to detect that the call to
read() returned end-of-file before the expected number
of bytes and therefore continues indefinitely. An
unauthenticated, remote attacker can exploit this issue,
via specially crafted packets, to exhaust all available
memory. (VulnDB 157967)

- A denial of service vulnerability exists in the PJSIP
RFC 2543 transaction key generation algorithm due to a
failure to allocate a sufficiently large buffer when
handling a SIP packet with a specially crafted CSeq
header and a Via header with no branch parameter.
An unauthenticated, remote attacker can exploit this,
via specially crafted packets, to overflow the buffer,
resulting in memory corruption and an eventual crash.
(VulnDB 157973)
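
The SCCP item above comes down to a read loop that does not treat a zero return from read() as end-of-file. The C code below is an added example, not Asterisk's code and not part of the Nessus plugin: read_exact() and demo_truncated_packet() are hypothetical names, and a local pipe stands in (as constructed input) for a peer that closes after sending fewer bytes than the header declared.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Read exactly `want` bytes from fd. Returns 0 on success, -1 if the
 * peer closes early or read() fails. A loop that only checks n < 0 and
 * retries on n == 0 spins forever once the peer has closed. */
int read_exact(int fd, unsigned char *buf, size_t want)
{
    size_t got = 0;

    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n == 0)
            return -1;          /* EOF before the declared length arrived */
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;          /* real I/O error */
        }
        got += (size_t)n;
    }
    return 0;
}

/* Constructed test input: the "header" declares `declared` body bytes,
 * but the sender writes only `sent` bytes and then closes. */
int demo_truncated_packet(size_t declared, size_t sent)
{
    int p[2], rc;
    unsigned char payload[64] = {0}, buf[64];

    if (declared > sizeof buf || sent > sizeof payload || pipe(p) != 0)
        return -2;
    if (sent && write(p[1], payload, sent) != (ssize_t)sent)
        rc = -2;
    else
        rc = 1;
    close(p[1]);                /* sender goes away */
    if (rc == 1)
        rc = read_exact(p[0], buf, declared);
    close(p[0]);
    return rc;
}

int main(void)
{
    return (demo_truncated_packet(32, 8) == -1 &&
            demo_truncated_packet(16, 16) == 0) ? 0 : 1;
}
```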

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://downloads.asterisk.org/pub/security/AST-2017-002.html
http://downloads.asterisk.org/pub/security/AST-2017-003.html
http://downloads.asterisk.org/pub/security/AST-2017-004.html

Solution :

Upgrade to Asterisk version 13.13-cert4 / 13.15.1 / 14.4.1 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 100386

Bugtraq ID:

CVE ID:
