Bug 2255321

Summary: asterisk: PJSIP logging allows attacker to inject fake Asterisk log entries
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: asterisk 21.0.1, asterisk 18.20.1, asterisk 20.5.1, certified-asterisk 18.9-cert6 Doc Type: ---
Doc Text:
A vulnerability in Asterisk has been found where PJSIP logging permits an attacker to inject fake Asterisk log entries. By sending a fake log entry on the PJSIP signaling port, the attacker logs the entry as an invalid packet. Servers employing fail2ban or similar tools against Asterisk logs might take inappropriate actions based on these fake log entries.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2255322, 2255323    
Bug Blocks: 2254624    

Description TEJ RATHI 2023-12-20 05:50:39 UTC 
PJSIP logging allows attacker to inject fake Asterisk log entries. An attacker can send a fake Asterisk log entry on the PJSIP signaling port, resulting in the fake entry being logged as an invalid packet. Servers running fail2ban or similar against the Asterisk logs may then take inappropriate action based on the fake log entries.

https://github.com/asterisk/asterisk/security/advisories/GHSA-5743-x3p5-3rg7
Comment 1 TEJ RATHI 2023-12-20 05:52:42 UTC 
Created asterisk tracking bugs for this issue:

Affects: epel-all [bug 2255322]
Affects: fedora-all [bug 2255323]