Asterisk Multiple Vulnerabilities (AST-2013-006 / AST-2013-007)

medium Nessus Plugin ID 71538

Synopsis

A telephony application running on the remote host is affected by multiple vulnerabilities.

Description

According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by the following vulnerabilities :

- A denial of service vulnerability exists in the 'unpacksms16()' function of the 'app_sms.c' source file.
When a 16-bit SMS message with an unusual message length value is received, an infinite loop will be created, causing a denial of service.

- A privilege escalation vulnerability exists because of the way dialplan functions are handled during variable substitution. Privileged dialplan functions, such as the SHELL() and FILE() functions, can be used by external control protocols, such as the Asterisk Manager Interface and Asterisk Gateway Interface. A malicious, authenticated user could use these functions to modify arbitrary files or execute arbitrary commands.

Solution

Upgrade to Asterisk 1.8.24.1 / 10.12.4 / 11.6.1 / Certified Asterisk 1.8.15-cert4 / 11.2-cert3, or apply the appropriate patches or workaround contained in the Asterisk advisories.

See Also

http://downloads.asterisk.org/pub/security/AST-2013-006.html

http://downloads.asterisk.org/pub/security/AST-2013-007.html

https://issues.asterisk.org/jira/browse/ASTERISK-22590

https://issues.asterisk.org/jira/browse/ASTERISK-22905

http://www.nessus.org/u?5269580c

http://www.nessus.org/u?989ff925

http://www.nessus.org/u?8f8ef69c

http://www.nessus.org/u?b1df629a

http://www.nessus.org/u?60d42add

Plugin Details

Severity: Medium

ID: 71538

File Name: asterisk_ast_2013_007.nasl

Version: 1.8

Type: remote

Family: Misc.

Published: 12/19/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2013-7100

Vulnerability Information

CPE: cpe:/a:digium:asterisk

Required KB Items: asterisk/sip_detected, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 12/16/2013

Vulnerability Publication Date: 12/16/2013

Reference Information

CVE: CVE-2013-7100

BID: 64364, 64367