This update is to fix AST-2011-013 and AST-2011-014.

Asterisk Project Security Advisory - AST-2011-013 Product Asterisk Summary Possible remote enumeration of SIP endpoints with differing NAT settings Nature of Advisory Unauthorized data disclosure Susceptibility Remote unauthenticated sessions Severity Minor Exploits Known Yes Reported On 2011-07-18 Reported By Ben Williams Posted On Last Updated On December 7, 2011 Advisory Contact Terry Wilson <twilson at digium.com> CVE Name Description It is possible to enumerate SIP usernames when the general and user/peer NAT settings differ in whether to respond to the port a request is sent from or the port listed for responses in the Via header. In 1.4 and 1.6.2, this would mean if one setting was nat=yes or nat=route and the other was either nat=no or nat=never. In 1.8 and 10, this would mean when one was nat=force_rport or nat=yes and the other was nat=no or nat=comedia. Resolution Handling NAT for SIP over UDP requires the differing behavior introduced by these options. To lessen the frequency of unintended username disclosure, the default NAT setting was changed to always respond to the port from which we received the request-the most commonly used option. Warnings were added on startup to inform administrators of the risks of having a SIP peer configured with a different setting than that of the general setting. The documentation now strongly suggests that peers are no longer configured for NAT individually, but through the global setting in the "general" context. Affected Versions Product Release Series Asterisk Open Source All All versions Corrected In As this is more of an issue with SIP over UDP in general, there is no fix supplied other than documentation on how to avoid the problem. The default NAT setting has been changed to what we believe the most commonly used setting for the respective version in Asterisk 1.4.43, 1.6.2.21, and 1.8.7.2. Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-013.pdf and http://downloads.digium.com/pub/security/AST-2011-013.html Revision History Date Editor Revisions Made Asterisk Project Security Advisory - AST-2011-013 Copyright (c) 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form. __________________________________________________________________ Asterisk Project Security Advisory - AST-2011-014 Product Asterisk Summary Remote crash possibility with SIP and the "automon" feature enabled Nature of Advisory Remote crash vulnerability in a feature that is disabled by default Susceptibility Remote unauthenticated sessions Severity Moderate Exploits Known Yes Reported On November 2, 2011 Reported By Kristijan Vrban Posted On 2011-11-03 Last Updated On December 7, 2011 Advisory Contact Terry Wilson <twilson at digium.com> CVE Name Description When the "automon" feature is enabled in features.conf, it is possible to send a sequence of SIP requests that cause Asterisk to dereference a NULL pointer and crash. Resolution Applying the referenced patches that check that the pointer is not NULL before accessing it will resolve the issue. The "automon" feature can be disabled in features.conf as a workaround. Affected Versions Product Release Series Asterisk Open Source 1.6.2.x All versions Asterisk Open Source 1.8.x All versions Corrected In Product Release Asterisk Open Source 1.6.2.21, 1.8.7.2 Patches Download URL Revision http://downloads.asterisk.org/pub/security/AST-2011-014-1.6.2.diff 1.6.2.20 http://downloads.asterisk.org/pub/security/AST-2011-014-1.8.diff 1.8.7.1 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-014.pdf and http://downloads.digium.com/pub/security/AST-2011-014.html Revision History Date Editor Revisions Made Asterisk Project Security Advisory - AST-2011-014 Copyright (c) 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
2011-12-12 06:52:40 +00:00 · 2011-12-12 06:52:40 +00:00 · 5c0d086acc
commit 5c0d086acc
parent b34d2651b0
2 changed files with 15 additions and 16 deletions
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@ -1,13 +1,12 @@
-# $NetBSD: Makefile,v 1.16 2011/11/01 06:11:53 sbd Exp $
+# $NetBSD: Makefile,v 1.17 2011/12/12 06:52:40 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked

-DISTNAME=	asterisk-1.8.7.1
+DISTNAME=	asterisk-1.8.7.2
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
-PKGREVISION=	1
 CATEGORIES=	comms net audio
 MASTER_SITES=	http://downloads.asterisk.org/pub/telephony/asterisk/ \
 		http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.14 2011/10/17 23:40:50 jnemeth Exp $
+$NetBSD: distinfo,v 1.15 2011/12/12 06:52:40 jnemeth Exp $

-SHA1 (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = c29671daaca5725b4f4257a972c2fe88effbc16e
-RMD160 (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = e69d6f6c555f52b8c6bd16428c9e64a22988e736
-Size (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = 28557326 bytes
-SHA1 (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.7.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
-RMD160 (asterisk-1.8.7.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
-Size (asterisk-1.8.7.1/extract-cfile.txt) = 643 bytes
-SHA1 (asterisk-1.8.7.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.7.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.7.1/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.7.2/asterisk-1.8.7.2.tar.gz) = 55eb86a453ba8f0ae81ac36c26b145c5b67499b3
+RMD160 (asterisk-1.8.7.2/asterisk-1.8.7.2.tar.gz) = 14bde4270f62852ce4d7dec5028af9824341e98b
+Size (asterisk-1.8.7.2/asterisk-1.8.7.2.tar.gz) = 28870981 bytes
+SHA1 (asterisk-1.8.7.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.7.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.7.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.7.2/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
+RMD160 (asterisk-1.8.7.2/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
+Size (asterisk-1.8.7.2/extract-cfile.txt) = 643 bytes
+SHA1 (asterisk-1.8.7.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.7.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.7.2/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = 496565e1e567c42ab6ba8f996c506f52cb9c8cfe
 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5