SB2018022218 - Denial of service in Digium Asterisk
Published: February 22, 2018 Updated: February 26, 2018
Security Bulletin ID
SB2018022218
Severity
Low
Patch available
YES
Number of vulnerabilities
6
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-7285)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper input validation. A remote attacker can send a specially crafted RTP data during SDP negotiation, trigger a payload number error and cause the service to crash.
2) Improper input validation (CVE-ID: CVE-2018-7284)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper input validation. A remote attacker can send a SUBSCRIBE request with specially crafted Accept headersб trigger a flaw in the 'res_pjsip_pubsub' module and cause the target service to crash.
3) Denial of service (CVE-ID: N/A)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message, which contains an improper fmtp attribute and cause the service to crash.
4) Denial of service (CVE-ID: N/A)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message, which contains an improper media format description and cause the service to crash.
5) Infinite loop (CVE-ID: CVE-2018-7287)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the res_http_websocket.c code due to insufficient length checks on WebSocket frames. A remote attacker can send send WebSocket frames with a zero-length payload, trigger a busy loop condition until the underlying socket on the system is closed and cause the service to crash.
6) Denial of service (CVE-ID: CVE-2018-7286)
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.The weakness exists due to improper processing of INVITE messages received via the TCP or Transport Layer Security (TLS) protocols. A remote attacker can send a series of specially crafted INVITE messages over a TCP or TLS connection, trigger a segmentation fault and cause the system to crash.
Remediation
Install update from vendor's website.
References
- http://downloads.asterisk.org/pub/security/AST-2018-001.html
- http://downloads.asterisk.org/pub/security/AST-2018-004.html
- http://downloads.asterisk.org/pub/security/AST-2018-003.html
- http://downloads.asterisk.org/pub/security/AST-2018-002.html
- http://downloads.asterisk.org/pub/security/AST-2018-006.html
- http://downloads.asterisk.org/pub/security/AST-2018-005.html