Advisories ยป MGASA-2014-0171

Updated asterisk packages fix security vulnerabilities

Publication date: 15 Apr 2014
Modification date: 15 Apr 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7100 , CVE-2014-2286 , CVE-2014-2287

Description

Updated asterisk packages fix security vulnerabilities:

In Asterisk before 11.6.1, a 16 bit SMS message that contains an odd message
length value will cause the message decoding loop to run forever. The message
buffer is not on the stack but will be overflowed resulting in corrupted
memory and an immediate crash (CVE-2013-7100).

In Asterisk before 11.6.1, external control protocols, such as the Asterisk
Manager Interface, often have the ability to get and set channel variables;
this allows the execution of dialplan functions. Reading the SHELL() function
can execute arbitrary commands on the system Asterisk is running on. Writing
to the FILE() function can change any file that Asterisk has write access to.
When these functions are executed from an external protocol, that execution
could result in a privilege escalation (AST-2013-007).

In Asterisk before 11.8.1, sending a HTTP request that is handled by Asterisk
with a large number of Cookie headers could overflow the stack. You could
even exhaust memory if you sent an unlimited number of headers in the request
(CVE-2014-2286).

In Asterisk before 11.8.1, an attacker can use all available file descriptors
using SIP INVITE requests. Each INVITE meeting certain conditions will leak a
channel and several file descriptors. The file descriptors cannot be released
without restarting Asterisk which may allow intrusion detection systems to be
bypassed by sending the requests slowly (CVE-2014-2287).

References

SRPMS

3/core