
AST-2012-011: Remote Crash Vulnerability In Voice Mail Application

If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release.

Affected Versions

  Product                 | Release Series        | Affected
  ------------------------+-----------------------+------------------
  Asterisk Open Source    | 1.8.x                 | 1.8.11 and newer
  Asterisk Open Source    | 10.x                  | 10.3 and newer
  Certified Asterisk      | 1.8.11-certx          | All versions
  Asterisk Digiumphones   | 10.x.x-digiumphones   | All versions

Corrected In

  Product                 | Release
  ------------------------+---------------------------
  Asterisk Open Source    | 1.8.13.1, 10.5.2
  Certified Asterisk      | 1.8.11-cert4
  Asterisk Digiumphones   | 10.5.2-digiumphones

Skinny Channel Driver Remote Crash Vulnerability

A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages were sent after a previously registered station had sent an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases: if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver inappropriately dereferences a NULL pointer.

Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the “Off Hook” call state and crash the server.

Now the presence of a device for a line is checked in the appropriate channel callbacks, preventing the crash.

You can download the latest Asterisk packages in the download section, as usual.

Stay tuned for more security updates.

Asterisk Manager User Unauthorized Shell Access

A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the Originate action, or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify that the user has System class authorization. If the user does not have that authorization, Asterisk rejects the action whenever it detects the use of any function or application that runs system commands.

Asterisk now performs checks against manager commands that cause these behaviors for each of the affected actions.
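To make the authorization rule concrete, here is an added example (not Asterisk's code and not the actual patch) that models the check the advisory describes in Python: given an AMI action's headers and the user's manager write classes, it rejects the action when the action could run a system command and the user lacks the System class. The header names used, the permission-set representation and the System/TrySystem application entries (which the advisory does not mention) are assumptions.

```python
import re

# Manager write class from manager.conf (write=...) that permits running
# system commands. Permissions are modelled as a set of class names (assumed).
SYSTEM_CLASS = "system"

# Dialplan functions named in the advisory that execute a command when expanded.
SHELL_FUNCTIONS = ("SHELL", "EVAL")
# Applications that can run a system command. MixMonitor is the one the
# advisory names (its options can carry a command run when recording stops);
# System and TrySystem are added as the standard command-running applications
# and are not mentioned in the advisory (assumption).
SHELL_APPLICATIONS = {"mixmonitor", "system", "trysystem"}

# Matches SHELL( or EVAL( as a whole word, case-insensitively, so that a
# variable such as SHELLVAR(x) or CALLERID(num) does not trigger the check.
_FUNC_RE = re.compile(r"\b(%s)\s*\(" % "|".join(SHELL_FUNCTIONS), re.IGNORECASE)

def uses_shell_function(text):
    """True if a header value references SHELL() or EVAL() anywhere."""
    return bool(text) and _FUNC_RE.search(text) is not None

def action_runs_commands(action):
    """Return True when an AMI action, given as a dict of its headers, could
    end up executing a system command. Mirrors the three paths the advisory
    lists: Originate+MixMonitor, GetVar+SHELL/EVAL and Status+SHELL/EVAL."""
    name = action.get("Action", "").lower()
    if name == "originate":
        if action.get("Application", "").lower() in SHELL_APPLICATIONS:
            return True
        # Application data is variable-expanded before the application runs.
        return uses_shell_function(action.get("Data", ""))
    if name == "getvar":
        return uses_shell_function(action.get("Variable", ""))
    if name == "status":
        # Status takes a comma-separated "Variables" header to include.
        return uses_shell_function(action.get("Variables", ""))
    return False

def authorize(action, write_classes):
    """Decide as the patched Asterisk does: a user without the System write
    class may not submit an action that would run commands.
    Returns (allowed, reason)."""
    if action_runs_commands(action) and SYSTEM_CLASS not in write_classes:
        return False, "%s requires System class authorization" % action.get("Action")
    return True, "OK"
```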

The following versions are affected:

  • Asterisk Open Source 1.6.2.x All versions
  • Asterisk Open Source 1.8.x All versions
  • Asterisk Open Source 10.x All versions
  • Asterisk Business Edition C.3.x All versions

Corrected In Product Release:

  • Asterisk Open Source 1.6.2.24, 1.8.11.1, 10.3.1
  • Asterisk Business Edition C.3.7.4

Asterisk 1.8.8.2 and 10.0.1 Now Available (Security Release)

The Asterisk Development Team has announced security releases for Asterisk 1.8
and 10. The available security releases are released as versions 1.8.8.2 and
10.0.1. Please note that the security vulnerability in Asterisk 1.8 and 10
does not exist for Asterisk versions 1.4 or 1.6.2.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk versions 1.8.8.2 and 10.0.1 resolves an issue
wherein an attacker attempting to negotiate a secure video stream can crash
Asterisk if video support has not been enabled and the res_srtp Asterisk
module is loaded.

The issue and its resolution are described in the security advisory.

For more information about the details of this vulnerability, please read the
security advisory AST-2012-001, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.8.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.0.1

Security advisory AST-2012-001 is available at:

* http://downloads.asterisk.org/pub/security/AST-2012-001.pdf

Thank you for your continued support of Asterisk!

SRTP Video Remote Crash Vulnerability

Asterisk Project Security Advisory – AST-2012-001

+------------------------------------------------------------------------+
| Product            | Asterisk                                          |
|--------------------+---------------------------------------------------|
| Summary            | SRTP Video Remote Crash Vulnerability             |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Denial of Service                                 |
|--------------------+---------------------------------------------------|
| Susceptibility     | Remote unauthenticated sessions                   |
|--------------------+---------------------------------------------------|
| Severity           | Moderate                                          |
|--------------------+---------------------------------------------------|
| Exploits Known     | No                                                |
|--------------------+---------------------------------------------------|
| Reported On        | 2012-01-15                                        |
|--------------------+---------------------------------------------------|
| Reported By        | Catalin Sanda                                     |
|--------------------+---------------------------------------------------|
| Posted On          | 2012-01-19                                        |
|--------------------+---------------------------------------------------|
| Last Updated On    | January 19, 2012                                  |
|--------------------+---------------------------------------------------|
| Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >           |
|--------------------+---------------------------------------------------|
| CVE Name           |                                                   |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Description        | An attacker attempting to negotiate a secure      |
|                    | video stream can crash Asterisk if video support  |
|                    | has not been enabled and the res_srtp Asterisk    |
|                    | module is loaded.                                 |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Resolution         | Upgrade to one of the versions of Asterisk listed |
|                    | in the “Corrected In” section, or apply a patch   |
|                    | specified in the “Patches” section.               |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Affected Versions                                                      |
|------------------------------------------------------------------------|
| Product                      | Release Series |                        |
|------------------------------+----------------+------------------------|
| Asterisk Open Source         | 1.8.x          | All versions           |
|------------------------------+----------------+------------------------|
| Asterisk Open Source         | 10.x           | All versions           |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Corrected In                                                           |
|------------------------------------------------------------------------|
| Product                                | Release                       |
|----------------------------------------+-------------------------------|
| Asterisk Open Source                   | 1.8.8.2                       |
|----------------------------------------+-------------------------------|
| Asterisk Open Source                   | 10.0.1                        |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Patches                                                                |
|------------------------------------------------------------------------|
| SVN URL                                                         |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Links        | https://issues.asterisk.org/jira/browse/ASTERISK-19202  |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at                     |
| http://www.asterisk.org/security                                       |
|                                                                        |
| This document may be superseded by later versions; if so, the latest   |
| version will be posted at                                              |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
| http://downloads.digium.com/pub/security/AST-2012-001.html             |
+------------------------------------------------------------------------+

+------------------------------------------------------------------------+
| Revision History                                                       |
|------------------------------------------------------------------------|
| Date            | Editor             | Revisions Made                  |
|-----------------+--------------------+---------------------------------|
| 12-01-19        | Joshua Colp        | Initial release                 |
+------------------------------------------------------------------------+

Asterisk Project Security Advisory – AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

How to query Microsoft SQL server for caller-id source

Any suggestions from people who have done this before?

Thanks,
-
Doug Mortensen
Network Consultant
Impala Networks Inc
CCNA, MCSA, Security+, A+
Linux+, Network+, Server+
A.A.S. Information Technology
www.impalanetworks.com
P: (505) 327-7300
F: (505) 327-7545