Vulnerable Products

Asterisk Open Source 1.6.x.
RedHat Fedora 11

Official Information

http://downloads.asterisk.org/pub/security/AST-2010-003.html 

Impact

Successful exploitation of this vulnerability may allow a remote attacker to bypass certain security restrictions like Access Control List (ACL) rules and access services from unauthorized host. This may lead to further attacks. This vulnerability is patchable.

Risk level

Medium

Vector

External

Details

Asterisk could allow a remote attacker to bypass security restrictions, caused by an error related to unpredictable behavior when host access rules are using “permit=” and “deny=” while the CIDR (Classless Inter-Domain Routing) notation “/0″ is used which causes an improper arithmetic shift and might allow remote attackers to bypass ACL rules and access services from unauthorized hosts. This is a error in “main/acl.c” function. An attacker could exploit this vulnerability to bypass access controls to gain unauthorized access to restricted hosts.

This vulnerability is documented in CVE-2010-1224

Fixed Software

This issue has been corrected in Asterisk Open Source version 1.6.0.25, 1.6.1.17 or 1.6.2.5 and updates are available in http://downloads.asterisk.org/.

 In addition, they are available patches to fix this vulnerability.

Note that even if an unauthorized host is allowed access due to this exploit, authentication measures still in place would prevent further unauthorized access.

Also, there is a workaround for this problem, which is to use the dotted-decimal format “/0.0.0.0″ instead of CIDR notation. The bug does not exist when using this format. In addition, this format is what is used in Asterisk’s sample configuration files.

Remediation

Redshift Networks UCTM solution includes ACL protection and role based control access that can protect your critical IP- Voice, Video, Unified Communications & Collaborative networks and applications. For more information on RedShift Networks, please go to www.redshiftnetworks.com

Vulnerable Products

Asterisk Open Source 1.6.x.
Asterisk Business Edition C.3.x
RedHat Fedora 11 and 12

Official Information

http://downloads.asterisk.org/pub/security/AST-2010-001.pdf

Impact

Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial of Service (DoS) condition on the affected device, denying service to legitimate users.  This vulnerability is patchable. 

Risk level

High

Vector

External

Details

A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling T.38 negotiations over SIP. This issue can be exploited by sending a specially crafted SDP packet containing a “FaxMaxDatagram” field with (1) a negative number or (2) overly-large value, or (3) a SDP packet without a “FaxMaxDatagram” field. Successful exploitation of this vulnerability may cause that a vulnerable server to crash, creating a denial of service condition.

This vulnerability is documented in CVE-2010-0441.

Fixed Software

Update to the latest versions or apply patches are available.

Upgrade to Asterisk Open Source version 1.6.0.22, 1.6.1.14 or 1.6.2.2 : ftp://ftp.digium.com/pub/telephony/asterisk

Upgrade to Asterisk Business Edition version C.3.3.2 : http://downloads.digium.com/

Remediation