https://bugzilla.novell.com/show_bug.cgi?id=372236 Summary: VUL-0: AST-2008-004: Format String Vulnerability in Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: mweckbecker@novell.com QAContact: qa@suse.de CC: security-team@suse.de Found By: --- Your friendly security team received the following report via full-disclosure. Please respond ASAP. The issue is public. Date: Tue, 18 Mar 2008 18:32:23 -0500 From: Asterisk Security Team <security@asterisk.org> To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] AST-2008-004: Format String Vulnerability in Logger and Manager Asterisk Project Security Advisory - AST-2008-004 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Format String Vulnerability in Logger and Manager | |--------------------+---------------------------------------------------| | Nature of Advisory | Denial of Service | |--------------------+---------------------------------------------------| | Susceptibility | Remote Unauthenticated Sessions | |--------------------+---------------------------------------------------| | Severity | Moderate | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | Reported On | March 13, 2008 | |--------------------+---------------------------------------------------| | Reported By | Steve Davies (bugs.digium.com user stevedavies) | | | | | | Brandon Kruse (bugs.digium.com user bkruse) | |--------------------+---------------------------------------------------| | Posted On | March 18, 2008 | |--------------------+---------------------------------------------------| | Last Updated On | March 18, 2008 | |--------------------+---------------------------------------------------| | Advisory Contact | Joshua Colp <jcolp@digium.com> | |--------------------+---------------------------------------------------| | CVE Name | CVE-2008-1333 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | Logging messages displayed using the ast_verbose logging | | | API call are not displayed as a character string, they | | | are displayed as a format string. | | | | | | Output as a result of the Manager command "command" is | | | not appended to the resulting response message as a | | | character string, it is appended as a format string. | | | | | | It is possible in both instances for an attacker to | | | provide a formatted string as a value for input which | | | can cause a crash. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Input given to both the ast_verbose logging API call and | | | astman_append function is now interpreted as a character | | | string and not as a format string. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Affected Versions | |------------------------------------------------------------------------| | Product | Release | | | | Series | | |----------------------------+---------+---------------------------------| | Asterisk Open Source | 1.0.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Open Source | 1.2.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Open Source | 1.4.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Open Source | 1.6.x | All versions prior to | | | | 1.6.0-beta6 | |----------------------------+---------+---------------------------------| | Asterisk Business Edition | A.x.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Business Edition | B.x.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Business Edition | C.x.x | Unaffected | |----------------------------+---------+---------------------------------| | AsteriskNOW | 1.0.x | Unaffected | |----------------------------+---------+---------------------------------| | Asterisk Appliance | 0.x.x | Unaffected | | Developer Kit | | | |----------------------------+---------+---------------------------------| | s800i (Asterisk Appliance) | 1.0.x | Unaffected | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Corrected In | |------------------------------------------------------------------------| | Product | Release | |---------------+--------------------------------------------------------| | Asterisk Open | 1.6.0-beta6, available from | | Source | http://downloads.digium.com/pub/telephony/asterisk | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Links | http://bugs.digium.com/view.php?id=12205 | | | | | | http://bugs.digium.com/view.php?id=12206 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Asterisk Project Security Advisories are posted at | | http://www.asterisk.org/security | | | | This document may be superseded by later versions; if so, the latest | | version will be posted at | | http://downloads.digium.com/pub/security/AST-2008-004.pdf and | | http://downloads.digium.com/pub/security/AST-2008-004.html | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Revision History | |------------------------------------------------------------------------| | Date | Editor | Revisions Made | |------------------+--------------------+--------------------------------| | 2008-03-18 | Joshua Colp | Initial Release | +------------------------------------------------------------------------+ Asterisk Project Security Advisory - AST-2008-004 Copyright (c) 2008 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.