asterisk: CVE-2017-7617: AST-2017-001: Buffer overflow in CDR's set user

Related Vulnerabilities: CVE-2017-7617  

Debian Bug report logs - #859910


Reported by: Bernhard Schmidt <berni@debian.org>

Date: Sun, 9 Apr 2017 07:39:02 UTC

Severity: important

Tags: patch, security, upstream

Found in version asterisk/1:13.0.0~dfsg-1

Fixed in version asterisk/1:13.14.1~dfsg-1

Done: Bernhard Schmidt <berni@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#859910; Package src:asterisk. (Sun, 09 Apr 2017 07:39:04 GMT)


Acknowledgement sent to Bernhard Schmidt <berni@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Sun, 09 Apr 2017 07:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: AST-2017-001: Buffer overflow in CDR's set user
Date: Sun, 09 Apr 2017 09:34:16 +0200
Package: src:asterisk
Version: 1:13.0.0~dfsg-1
Severity: important
Tags: security patch upstream

See http://downloads.asterisk.org/pub/security/AST-2017-001.html

               Asterisk Project Security Advisory - AST-2017-001

         Product        Asterisk                                              
         Summary        Buffer overflow in CDR's set user                     
    Nature of Advisory  Buffer Overflow                                       
      Susceptibility    Remote Authenticated Sessions                         
         Severity       Moderate                                              
      Exploits Known    No                                                    
       Reported On      March 27, 2017                                        
       Reported By      Alex Villacis Lasso                                   
        Posted On       
     Last Updated On    April 4, 2017                                         
     Advisory Contact   kharwell AT digium DOT com                            
         CVE Name       

    Description  No size checking is done when setting the user field on a
                 CDR. Thus, it is possible for someone to use an arbitrarily
                 large string and write past the end of the user field
                 storage buffer. This allows the possibility of remote code
                 injection.

                 This currently affects any system using CDRs that also
                 makes use of the following:

                 * The 'X-ClientCode' header within a SIP INFO message when
                   using chan_sip and the 'useclientcode' option is enabled
                   (note, it's disabled by default).

                 * The CDR dialplan function executed from AMI when setting
                   the user field.

                 * The AMI Monitor action when using a long file name/path.

    Resolution  The CDR engine now only copies up to the maximum allowed      
                characters into the user field. Any characters outside the    
                maximum are truncated.                                        

                               Affected Versions
             Product                    Release Series
             Asterisk Open Source       13.x             All Releases
             Asterisk Open Source       14.x             All Releases
             Certified Asterisk         13.13            All Releases

                                  Corrected In
             Product                    Release
             Asterisk Open Source       13.14.1, 14.3.1
             Certified Asterisk         13.13-cert3

                                     Patches
    SVN URL                                                             Revision
    http://downloads.asterisk.org/pub/security/AST-2017-001-13.diff     Asterisk 13
    http://downloads.asterisk.org/pub/security/AST-2017-001-14.diff     Asterisk 14
    http://downloads.asterisk.org/pub/security/AST-2017-001-13.13.diff  Certified Asterisk 13.13

    Links  https://issues.asterisk.org/jira/browse/ASTERISK-26897             

    Asterisk Project Security Advisories are posted at                        
    http://www.asterisk.org/security                                          
                                                                              
    This document may be superseded by later versions; if so, the latest      
    version will be posted at                                                 
    http://downloads.digium.com/pub/security/AST-2017-001.pdf and             
    http://downloads.digium.com/pub/security/AST-2017-001.html                

                                Revision History
         Date           Editor                   Revisions Made               
    March, 27, 2017  Kevin Harwell  Initial Revision                          
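The bug pattern the advisory describes, and the truncating fix it adopts, as an added example in C. This is not Asterisk's code and not part of the bug report: the record layout, the function names, the toy X-ClientCode header parser and the SIP INFO message are all invented for illustration, and only the 256-byte field size is taken from Asterisk (its AST_MAX_USER_FIELD). The same bounded-copy fix covers the advisory's other two vectors (the CDR dialplan function reached from AMI and the AMI Monitor file path), since every path ends in the same setter.

```c
/* Added example, not Asterisk's code: the bug pattern behind AST-2017-001
 * and the truncating fix. Struct layout, function names, the header parser
 * and the SIP message are invented; 256 mirrors Asterisk's AST_MAX_USER_FIELD. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_USER_FIELD 256
#define CANARY_VALUE 0xCAFEF00Du

struct cdr {
    char userfield[MAX_USER_FIELD];
    unsigned int canary;  /* stands in for whatever follows the field in a real record */
};

/* BEFORE: no size check; a long value runs past userfield into the next
 * field and beyond. Kept for comparison, never for untrusted input. */
void set_userfield_unbounded(struct cdr *cdr, const char *value)
{
    strcpy(cdr->userfield, value);
}

/* Copy at most size-1 bytes, always NUL-terminate, drop the excess: the
 * behaviour the advisory's resolution describes (ast_copy_string-like,
 * reimplemented here so the example stands alone). */
void bounded_copy(char *dst, const char *src, size_t size)
{
    size_t n = 0;
    if (size == 0) return;
    while (n < size - 1 && src[n] != '\0') n++;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* AFTER: the hardened setter; returns the number of characters stored. */
size_t set_userfield_bounded(struct cdr *cdr, const char *value)
{
    bounded_copy(cdr->userfield, value, sizeof(cdr->userfield));
    return strlen(cdr->userfield);
}

/* Toy extraction of the X-ClientCode header value (not chan_sip's parser).
 * Returns 1 with a malloc'd copy in *out, or 0 if the header is absent. */
int extract_client_code(const char *msg, char **out)
{
    static const char key[] = "\r\nX-ClientCode:";
    const char *p = strstr(msg, key), *end;
    size_t len;

    if (!p) return 0;
    for (p += sizeof(key) - 1; *p == ' ' || *p == '\t'; p++)
        ;
    end = strstr(p, "\r\n");
    len = end ? (size_t)(end - p) : strlen(p);
    if (!(*out = malloc(len + 1))) return 0;
    memcpy(*out, p, len);
    (*out)[len] = '\0';
    return 1;
}

/* The 'useclientcode' path: header value -> CDR user field through the
 * hardened setter. Returns the stored length, -1 if the header is missing,
 * -2 if the canary behind the field was damaged (it never is here). */
long apply_client_code(struct cdr *cdr, const char *sip_info)
{
    char *code;
    size_t stored;

    if (!extract_client_code(sip_info, &code)) return -1;
    cdr->canary = CANARY_VALUE;
    stored = set_userfield_bounded(cdr, code);
    free(code);
    return cdr->canary == CANARY_VALUE ? (long)stored : -2;
}

/* Constructed SIP INFO request carrying code_len 'A's as X-ClientCode;
 * caller frees the result. */
char *build_sip_info(size_t code_len)
{
    const char *head = "INFO sip:100@pbx.example SIP/2.0\r\n"
                       "Via: SIP/2.0/UDP 192.0.2.10:5060\r\n"
                       "X-ClientCode: ";
    const char *tail = "\r\nContent-Length: 0\r\n\r\n";
    size_t hl = strlen(head), tl = strlen(tail);
    char *msg = malloc(hl + code_len + tl + 1);

    if (!msg) return NULL;
    memcpy(msg, head, hl);
    memset(msg + hl, 'A', code_len);
    memcpy(msg + hl + code_len, tail, tl + 1);  /* tl+1 copies the NUL too */
    return msg;
}

int main(void)
{
    struct cdr cdr;
    char *msg = build_sip_info(4000);
    long stored = apply_client_code(&cdr, msg);

    printf("stored %ld of 4000 bytes; field after it is %s\n", stored,
           cdr.canary == CANARY_VALUE ? "intact" : "clobbered");
    free(msg);
    return 0;
}
```

With a 4000-byte X-ClientCode the bounded setter stores 255 characters and the field behind the buffer is untouched; the unbounded setter would have written all 4000 bytes plus the terminator across it. Note that the fix is silent truncation, so a deployment that relies on the user field for billing or auditing should also reject or log over-long values at the SIP or AMI boundary rather than only trusting the CDR engine to clip them.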



Reply sent to Bernhard Schmidt <berni@debian.org>:
You have taken responsibility. (Mon, 10 Apr 2017 12:36:03 GMT)


Notification sent to Bernhard Schmidt <berni@debian.org>:
Bug acknowledged by developer. (Mon, 10 Apr 2017 12:36:03 GMT)


Message #10 received at 859910-close@bugs.debian.org:

From: Bernhard Schmidt <berni@debian.org>
To: 859910-close@bugs.debian.org
Subject: Bug#859910: fixed in asterisk 1:13.14.1~dfsg-1
Date: Mon, 10 Apr 2017 12:33:59 +0000
Source: asterisk
Source-Version: 1:13.14.1~dfsg-1

We believe that the bug you reported is fixed in the latest version of
asterisk, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859910@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernhard Schmidt <berni@debian.org> (supplier of updated asterisk package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)



Format: 1.8
Date: Mon, 10 Apr 2017 12:53:03 +0200
Source: asterisk
Binary: asterisk asterisk-modules asterisk-dahdi asterisk-vpb asterisk-voicemail asterisk-voicemail-imapstorage asterisk-voicemail-odbcstorage asterisk-ooh423 asterisk-mp3 asterisk-mysql asterisk-mobile asterisk-doc asterisk-dev asterisk-config
Architecture: source
Version: 1:13.14.1~dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 asterisk   - Open Source Private Branch Exchange (PBX)
 asterisk-config - Configuration files for Asterisk
 asterisk-dahdi - DAHDI devices support for the Asterisk PBX
 asterisk-dev - Development files for Asterisk
 asterisk-doc - Source code documentation for Asterisk
 asterisk-mobile - Bluetooth phone support for the Asterisk PBX
 asterisk-modules - loadable modules for the Asterisk PBX
 asterisk-mp3 - MP3 playback support for the Asterisk PBX
 asterisk-mysql - MySQL database protocol support for the Asterisk PBX
 asterisk-ooh423 - H.323 protocol support for the Asterisk PBX - ooH323c
 asterisk-voicemail - simple voicemail support for the Asterisk PBX
 asterisk-voicemail-imapstorage - IMAP voicemail storage support for the Asterisk PBX
 asterisk-voicemail-odbcstorage - ODBC voicemail storage support for the Asterisk PBX
 asterisk-vpb - VoiceTronix devices support for the Asterisk PBX
Closes: 859910 859911
Changes:
 asterisk (1:13.14.1~dfsg-1) unstable; urgency=medium
 .
   * New upstream version 13.14.1
     - Fixes AST-2017-001 (Buffer overflow in CDR's set user) (Closes: #859910)
   * Import upstream fix to set the RTP source address to the address bound by
     the PJSIP transport (Closes: #859911)
Checksums-Sha1:
 06a358871e5b17cc079e96d19da8c7be0e1eb461 4105 asterisk_13.14.1~dfsg-1.dsc
 ad3b0601910c7b9debd8edee25bcfe985666280f 6152096 asterisk_13.14.1~dfsg.orig.tar.xz
 3ae6733be7495d5d1567f451116749b1a2a53bf2 129196 asterisk_13.14.1~dfsg-1.debian.tar.xz
 2b84c1a2a86e37bda4cd812ec884d69c11f964a5 26165 asterisk_13.14.1~dfsg-1_amd64.buildinfo
Checksums-Sha256:
 9d4a3c76d1cfcd0f42a9a5d94630c7dab4d1565ec85f57e5506da5875b487743 4105 asterisk_13.14.1~dfsg-1.dsc
 9f52c386cb3eec6f01af7f1e03818280870896defde0da9f8f032db351a642b7 6152096 asterisk_13.14.1~dfsg.orig.tar.xz
 80b09af2f649ff4be876cc68a86863e0b0111081c0f8c888f7c4a2cd537dac2e 129196 asterisk_13.14.1~dfsg-1.debian.tar.xz
 6bd8c028c147e2a0abfa8d1cc98d89da190f9cd9405c9ccd16c5b0f76880ff2d 26165 asterisk_13.14.1~dfsg-1_amd64.buildinfo
Files:
 0f94805175390a87c1c9af208d3b7d2a 4105 comm optional asterisk_13.14.1~dfsg-1.dsc
 6db73384168c17ebe6160ba96c5c6209 6152096 comm optional asterisk_13.14.1~dfsg.orig.tar.xz
 67c0c9a53e947082ab777dd03260716f 129196 comm optional asterisk_13.14.1~dfsg-1.debian.tar.xz
 0c0e955cb4b319303de409f8f54175ce 26165 comm optional asterisk_13.14.1~dfsg-1_amd64.buildinfo





Changed Bug title to 'asterisk: CVE-2017-7617: AST-2017-001: Buffer overflow in CDR's set user' from 'AST-2017-001: Buffer overflow in CDR's set user'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 10 Apr 2017 12:57:05 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 10 May 2017 07:25:05 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:12:54 2019; Machine Name: buxtehude
