Multiple Asterisk Products Remote Buffer Overflow Vulnerability

Multiple Asterisk Products are prone to a remote buffer-overflow vulnerability because they fail to perform adequate size checking.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

Multiple Asterisk Products 4.12.0 and prior versions are vulnerable.

Information

Bugtraq ID: 97377
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: Mar 27 2017 12:00AM
Credit: Alex Villacis Lasso
Vulnerable: Asterisk Open Source 14.2.1
Asterisk Open Source 14.2
Asterisk Open Source 13.13.1
Asterisk Open Source 13.13
Asterisk Open Source 13.12
Asterisk Open Source 14.0
Asterisk Open Source 13.0
Asterisk Certified Asterisk 13.13

Not Vulnerable: Asterisk Open Source 14.3.1
Asterisk Open Source 13.14.1
Asterisk Certified Asterisk 13.13-cert3

References:

• Asterisk Homepage (Asterisk)
  
• Asterisk Project Security Advisory - AST-2017-001 (Asterisk)
  

Source: www.securityfocus.com