Bug 832625 (CVE-2012-3553)

Summary: CVE-2012-3553 asterisk: skinny channel driver remote crash vulnerability
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: itamar, jeff, lmadsen, rbryant
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=moderate,public=20120614,reported=20120615,source=full-disclosure,cvss2=3.5/AV:N/AC:M/Au:S/C:N/I:N/A:P,fedora-17/asterisk=affected,epel-6/asterisk=notaffected
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 832626    
Bug Blocks:    

Description Vincent Danen 2012-06-15 21:16:29 EDT 
AST-2012-008 previously dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer.

Similar to AST-2012-008, a remote attacker with a valid SCCP ID can can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and crash the server.

This only affects version 10, and is fixed in 10.5.1.

References:

http://downloads.digium.com/pub/security/AST-2012-009.html
https://issues.asterisk.org/jira/browse/ASTERISK-19905
http://downloads.asterisk.org/pub/security/AST-2012-009-10.diff
Comment 1 Vincent Danen 2012-06-15 21:18:05 EDT 
Created asterisk tracking bugs for this issue

Affects: fedora-17 [bug 832626]
Comment 2 Fedora Update System 2012-06-25 20:39:00 EDT 
asterisk-10.5.1-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.