SB2018022218 - Denial of service in Digium Asterisk
Published: February 22, 2018 Updated: February 26, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2018-7285)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper input validation. A remote attacker can send a specially crafted RTP data during SDP negotiation, trigger a payload number error and cause the service to crash.
2) Improper input validation (CVE-ID: CVE-2018-7284)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to improper input validation. A remote attacker can send a SUBSCRIBE request with specially crafted Accept headersб trigger a flaw in the 'res_pjsip_pubsub' module and cause the target service to crash.
3) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message, which contains an improper fmtp attribute and cause the service to crash.
4) Denial of service (CVE-ID: N/A)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to insufficient validation of Session Description Protocol (SDP) messages. A remote attacker can submit a specially crafted SDP message, which contains an improper media format description and cause the service to crash.
5) Infinite loop (CVE-ID: CVE-2018-7287)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the res_http_websocket.c code due to insufficient length checks on WebSocket frames. A remote attacker can send send WebSocket frames with a zero-length payload, trigger a busy loop condition until the underlying socket on the system is closed and cause the service to crash.
6) Denial of service (CVE-ID: CVE-2018-7286)
CWE-ID: CWE-20 - Improper input validation
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:P/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists due to improper processing of INVITE messages received via the TCP or Transport Layer Security (TLS) protocols. A remote attacker can send a series of specially crafted INVITE messages over a TCP or TLS connection, trigger a segmentation fault and cause the system to crash.
Remediation
Install update from vendor's website.
References
- http://downloads.asterisk.org/pub/security/AST-2018-001.html
- http://downloads.asterisk.org/pub/security/AST-2018-004.html
- http://downloads.asterisk.org/pub/security/AST-2018-003.html
- http://downloads.asterisk.org/pub/security/AST-2018-002.html
- http://downloads.asterisk.org/pub/security/AST-2018-006.html
- http://downloads.asterisk.org/pub/security/AST-2018-005.html