FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)

high Nessus Plugin ID 100313

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Asterisk project reports :

A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By overrunning the buffer, the memory allocation table becomes corrupted, leading to an eventual crash.

The multi-part body parser in PJSIP contains a logical error that can make certain multi-part body parts attempt to read memory from outside the allowed boundaries. A specially crafted packet can trigger these invalid reads and potentially induce a crash.

This issues is in PJSIP, and so the issue can be fixed without performing an upgrade of Asterisk at all. However, we are releasing a new version of Asterisk with the bundled PJProject updated to include the fix.

If you are running Asterisk with chan_sip, this issue does not affect you.

Solution

Update the affected packages.

See Also

http://downloads.asterisk.org/pub/security/AST-2017-002.html

http://downloads.asterisk.org/pub/security/AST-2017-003.html

http://www.nessus.org/u?8d760270

Plugin Details

Severity: High

ID: 100313

File Name: freebsd_pkg_0537afa33ce011e7bf9d001999f8d30b.nasl

Version: 3.3

Type: local

Published: 5/22/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:asterisk13, p-cpe:/a:freebsd:freebsd:pjsip, p-cpe:/a:freebsd:freebsd:pjsip-extsrtp, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 5/19/2017

Vulnerability Publication Date: 4/12/2017