certfr_avis - certa-2009-avi-322

CERTA-2009-AVI-322

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans la plateforme de téléphonie (PBX) Asterisk. L'exploitation de ces dernières peut provoquer un dysfonctionnement du service.

Description

Plusieurs vulnérabilités ont été identifiées dans la plateforme de téléphonie (PBX) Asterisk. Elles concernent l'usage incorrect de la fonction C sscanf dans le code de l'application. Les données qui lui sont passées en entrée sont de longueur arbitraire et non contrôlée. Ce mauvais contrôle peut être exploité par une personne distante via des trames spécialement construites (Invite SIP par exemple) afin de perturber le service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	Asterisk Business Edition, série C.2.x pour les versions antérieures à C.2.4.1 ;
Asterisk	Asterisk	Asterisk Open Source, série 1.2.x pour les versions antérieures à 1.2.34 ;
Asterisk	Asterisk	Asterisk Business Edition, série A.x.x ;
Asterisk	N/A	boitiers s800i, série 1.2.x pour les versions antérieures à 1.3.0.3.
Asterisk	Asterisk	Asterisk Business Edition, série B.x.x pour les versions antérieures à B.2.5.9 ;
Asterisk	Asterisk	Asterisk Open Source, série 1.4.x pour les versions antérieures à 1.4.26.1 ;
Asterisk	Asterisk	Asterisk Business Edition, série C.3.x pour les versions antérieures à C.3.1 ;
Asterisk	Asterisk	Asterisk Open Source, série 1.6.0.x pour les versions antérieures à 1.6.0.12 ;
Asterisk	Asterisk	Asterisk Open Source, série 1.6.1.x pour les versions antérieures à 1.6.1.4 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Asterisk AST-2009-005 du 10 août 2009	None	vendor-advisory
Bulletin de sécurité Asterisk AST-2009-005 du 10 août 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Asterisk Business Edition, s\u00e9rie C.2.x pour les versions ant\u00e9rieures \u00e0 C.2.4.1 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Open Source, s\u00e9rie 1.2.x pour les versions ant\u00e9rieures \u00e0 1.2.34 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Business Edition, s\u00e9rie A.x.x ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "boitiers s800i, s\u00e9rie 1.2.x pour les versions ant\u00e9rieures \u00e0 1.3.0.3.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Business Edition, s\u00e9rie B.x.x pour les versions ant\u00e9rieures \u00e0 B.2.5.9 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Open Source, s\u00e9rie 1.4.x pour les versions ant\u00e9rieures \u00e0 1.4.26.1 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Business Edition, s\u00e9rie C.3.x pour les versions ant\u00e9rieures \u00e0 C.3.1 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Open Source, s\u00e9rie 1.6.0.x pour les versions ant\u00e9rieures \u00e0 1.6.0.12 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    },
    {
      "description": "Asterisk Open Source, s\u00e9rie 1.6.1.x pour les versions ant\u00e9rieures \u00e0 1.6.1.4 ;",
      "product": {
        "name": "Asterisk",
        "vendor": {
          "name": "Asterisk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans la plateforme de\nt\u00e9l\u00e9phonie (PBX) Asterisk. Elles concernent l\u0027usage incorrect de la\nfonction C sscanf dans le code de l\u0027application. Les donn\u00e9es qui lui\nsont pass\u00e9es en entr\u00e9e sont de longueur arbitraire et non contr\u00f4l\u00e9e. Ce\nmauvais contr\u00f4le peut \u00eatre exploit\u00e9 par une personne distante via des\ntrames sp\u00e9cialement construites (Invite SIP par exemple) afin de\nperturber le service.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2726"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2009-005 du 10 ao\u00fbt    2009\u00a0:",
      "url": "http://downloads.asterisk.org/pub/security/AST-2009-005.html"
    }
  ],
  "reference": "CERTA-2009-AVI-322",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-08-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans la plateforme de\nt\u00e9l\u00e9phonie (PBX) Asterisk. L\u0027exploitation de ces derni\u00e8res peut\nprovoquer un dysfonctionnement du service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Asterisk",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Asterisk AST-2009-005 du 10 ao\u00fbt 2009",
      "url": null
    }
  ]
}

CVE-2009-2726 (GCVE-0-2009-2726)

Vulnerability from cvelistv5 – Published: 2009-08-12 10:00 – Updated: 2024-08-07 05:59

Summary

The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://labs.mudynamics.com/advisories/MU-200908-01.txt	x_refsource_MISC
	http://www.vupen.com/english/advisories/2009/2229	vdb-entryx_refsource_VUPEN
	http://downloads.digium.com/pub/security/AST-2009…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/36015	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/505669/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securitytracker.com/id?1022705	vdb-entryx_refsource_SECTRACK
	http://secunia.com/advisories/36227	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
          },
          {
            "name": "ADV-2009-2229",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2229"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
          },
          {
            "name": "36015",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36015"
          },
          {
            "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
          },
          {
            "name": "1022705",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022705"
          },
          {
            "name": "36227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36227"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
        },
        {
          "name": "ADV-2009-2229",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2229"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
        },
        {
          "name": "36015",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36015"
        },
        {
          "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
        },
        {
          "name": "1022705",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022705"
        },
        {
          "name": "36227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36227"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2726",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASCII decimal characters, as demonstrated via vectors related to (1) the CSeq value in a SIP header, (2) large Content-Length value, and (3) SDP."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://labs.mudynamics.com/advisories/MU-200908-01.txt",
              "refsource": "MISC",
              "url": "http://labs.mudynamics.com/advisories/MU-200908-01.txt"
            },
            {
              "name": "ADV-2009-2229",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2229"
            },
            {
              "name": "http://downloads.digium.com/pub/security/AST-2009-005.html",
              "refsource": "CONFIRM",
              "url": "http://downloads.digium.com/pub/security/AST-2009-005.html"
            },
            {
              "name": "36015",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36015"
            },
            {
              "name": "20090811 AST-2009-005: Remote Crash Vulnerability in SIP channel driver",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/505669/100/0/threaded"
            },
            {
              "name": "1022705",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022705"
            },
            {
              "name": "36227",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36227"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2726",
    "datePublished": "2009-08-12T10:00:00",
    "dateReserved": "2009-08-10T00:00:00",
    "dateUpdated": "2024-08-07T05:59:57.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTA-2009-AVI-322

Description

Solution

CVE-2009-2726 (GCVE-0-2009-2726)

Tags

Sightings

Nomenclature