Bug 928550 - (CVE-2013-2685) CVE-2013-2685 asterisk: buffer overflow via SIP SDP header (AST-2013-001)
CVE-2013-2685 asterisk: buffer overflow via SIP SDP header (AST-2013-001)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130327,repo...
: Security
Depends On: 928552
Blocks:
  Show dependency treegraph
 
Reported: 2013-03-27 18:02 EDT by Vincent Danen
Modified: 2013-04-10 18:37 EDT (History)
4 users (show)

See Also:
Fixed In Version: asterisk 11.2.2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-04-10 18:37:57 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2013-03-27 18:02:30 EDT
A buffer overflow flaw was found in how Asterisk parsed SIP SDP headers:

The format attribute resource for h264 video performs an
unsafe read against a media attribute when parsing the SDP.
The vulnerable parameter can be received as strings of an
arbitrary length and Asterisk attempts to read them into
limited buffer spaces without applying a limit to the
number of characters read. If a message is formed
improperly, this could lead to an attacker being able to
execute arbitrary code remotely.

This affects the 11.x series of Asterisk and is corrected in version
11.2.2.  Earlier versions are not affected.


External References:

http://downloads.asterisk.org/pub/security/AST-2013-001.html
Comment 1 Vincent Danen 2013-03-27 18:12:29 EDT
Created asterisk tracking bugs for this issue

Affects: fedora-18 [bug 928552]
Comment 2 Fedora Update System 2013-04-06 20:28:27 EDT
asterisk-11.2.2-1.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.