chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x before 1.8.7.1 and 10.x before 10.0.0-rc1 does not properly initialize variables during request parsing, which allows remote authenticated users to cause a denial of service (daemon crash) via a malformed request.

According to the version in its SIP banner, the version of Asterisk running on the remote host can be crashed remotely by an authenticated user when parsing an invalid SIP URI.

The Asterisk Development Team has announced a security release for Asterisk= 1.8. The available security release is released as version 1.8.7.1.

This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing whic= h can lead to a remotely exploitable crash :

Remote Crash Vulnerability in SIP channel driver (AST-2011-012)

The issue and resolution is described in the AST-2011-012 security advisory.

For more information about the details of this vulnerability, please read t= he security advisory AST-2011-012, which was released at the same time as this announcement.

For a full list of changes in the current release, please see the ChangeLog :

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLo g-1.8= .7.1

Security advisory AST-2011-012 is available at :

http://downloads.asterisk.org/pub/security/AST-2011-012.pdf

----------------------------------------------------------------------
-----=

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201110-21 (Asterisk: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Asterisk. Please review       the CVE identifiers referenced below for details.
  Impact :

    An unauthenticated remote attacker may execute code with the privileges       of the Asterisk process or cause a Denial of Service.
  Workaround :

    There is no known workaround at this time.

Versions of Asterisk 1.8.x earlier than 1.8.7.1 are potentially affected by a denial of service attack in the SIP channel driver.  A remote authenticated attacker can cause a crash with a malformed request due to an uninitialized variable.

Asterisk project reports :

A remote authenticated user can cause a crash with a malformed request due to an uninitialized variable.

ID	Name	Product	Family	Severity
56922	Asterisk SIP Channel Driver Uninitialized Variable Request Parsing DoS (AST-2011-012)	Nessus	Denial of Service	medium
56788	Fedora 15 : asterisk-1.8.7.1-1.fc15 (2011-14538)	Nessus	Fedora Local Security Checks	medium
56787	Fedora 16 : asterisk-1.8.7.1-1.fc16 (2011-14480)	Nessus	Fedora Local Security Checks	medium
56625	GLSA-201110-21 : Asterisk: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
6043	Asterisk Remote Crash Vulnerability in SIP Channel Driver (AST-2011-012)	Nessus Network Monitor	Generic	medium
56527	FreeBSD : asterisk -- remote crash vulnerability in SIP channel driver (a95092a6-f8f1-11e0-a7ea-00215c6a37bb)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2011-4063

medium

Tenable Plugins

medium

medium

medium

high

medium

medium