Re: CVE Request -- Asterisk -- AST-2011-013 and AST-2011-014

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/09/2011 05:00 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
> the following two security flaws have been recently fixed:
> http://www.asterisk.org/node/51693
>
> in Asterisk:
>
> 1) AST-2011-013 Possible to enumerate SIP usernames when general and
user/peer NAT settings differed
> An information disclosure flaw was found in the way Asterisk handled UDP
> requests in configurations using network address translation (NAT) for
the SIP
> protocol. When the general configuration file section and user / peer
> configuration file section NAT settings differed, it was possible to
enumerate
> SIP usernames if the request was sent to different port as that,
specified in
> the Via header.
>
> References:
> [1] http://www.asterisk.org/node/51693
> [2] http://downloads.asterisk.org/pub/security/AST-2011-013.pdf
> [3]
http://lists.digium.com/pipermail/asterisk-dev/2011-November/thread.html#52191
> [4] https://bugs.gentoo.org/show_bug.cgi?id=394095
> [5] https://bugzilla.redhat.com/show_bug.cgi?id=765773
>
> Upstream bug report:
> [6] https://issues.asterisk.org/jira/browse/ASTERISK-18862
>
> Upstream review board request:
> [7] https://reviewboard.asterisk.org/r/1591/
>
> Upstream patch (for 1.8 branch):
> [8]
http://svnview.digium.com/svn/asterisk?view=revision&sortby=date&revision=345828

Please use CVE-2011-4597 for this issue.

> 2) AST-2011-014 NULL pointer dereference (crash) when processing INFO
automon message
> with no channel
>
> A NULL pointer dereference flaw was found in the way Asterisk handled INFO
> requests, when the 'automon' feature was enabled. If no channel had been
> created yet, a remote attacker could use this flaw to cause a denial of
service
> (asterisk crash) by sending an INFO request.
>
> References:
> [9] http://www.asterisk.org/node/51693
> [10] http://downloads.asterisk.org/pub/security/AST-2011-014.pdf
> [11] https://bugs.gentoo.org/show_bug.cgi?id=394095
> [12] https://bugzilla.redhat.com/show_bug.cgi?id=765776
>
> Upstream patch (for 1.8 branch):
> [13]
http://svnview.digium.com/svn/asterisk?view=revision&sortby=date&revision=347533

Please use CVE-2011-4598 for this issue.

> Could you allocate CVE ids for these?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team


- -- 

- -Kurt Seifried / Red Hat Security Response Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQIcBAEBAgAGBQJO4jIrAAoJEBYNRVNeJnmTGScQAL/sfa8d1mz9DvVbUXiGzKc7
yTfdocBw0e7P3WD/o561aH6tSWR+QBYrZEs3xAe8je3QOVZgQq4iCcvsb374Cw6O
UkoO/NUvI0IAplGZCZlgpooJbUoNvNBxiOz6wvE6fMlr2+XA5DYufc6vtHVbskXX
L2eqcdcKjWnV3B2MsW6iHMVbg2n1a5augLRuLpvBLMt3G8mEt2DkwtVHKif8ne5K
mAFF7B3ugfuHC54VN/EsTF8xnYIyOVol0kJo8LSpyatOQ4aCWLU7FYFn2kCaLky4
1SNtiewAWH38NXGJa6SsI6RILvZJv/IfnN4YFba5LhIhQ+EvvrWdt3d5QVdojPKp
07JWEOcVg3OsuIxW7np0Ze6chBLYlKA69ta4W7wQXvO8brK4QSHW3VNICbshcNTn
UaYkqNNxfVL4zxVu/EpTim5CpPJxOk9Eaiu/RnR3BuCto9YikzLE2A5pxobXvGU1
6wZ68DxuJ8e+lOE6VHYZB7WbtshowJVw81pZkXMGiueDg1wCY/+TjRblZemV/yi8
+kIXM4dSeuRZfjIPx1k16JoJzlP4k/7JBePbT/As/aw9P9yF6TvSR7HRi+02b3EO
kGjqjG6cqQm+23P+gS/Q1+ZhmLJ1F+OUmswD6RdZoG2Gt+t2xAjH2ghgrRr2nH47
OaUspa1cxToCHKx4s9qP
=A8Jr
-----END PGP SIGNATURE-----