Digium Asterisk up to 1.8.20.1 main/http.c ast_http_get_post_vars memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as critical, has been found in Digium Asterisk up to 1.8.20.1. This vulnerability affects the function ast_http_get_post_vars of the file main/http.c. Performing a manipulation results in memory corruption.
This vulnerability is identified as CVE-2013-2686. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Digium Asterisk up to 1.8.20.1 (Communications System). This affects the function ast_http_get_post_vars of the file main/http.c. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on availability. The summary by CVE is:
main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976.
The weakness was released 03/27/2013 by Christoph Hebeisen with ELUS Security Labs Vulnerability Research Team as confirmed advisory (Website). The advisory is shared at issues.asterisk.org. The public release was coordinated with Digium. This vulnerability is uniquely identified as CVE-2013-2686 since 03/25/2013. The exploitability is told to be easy. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details are known, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 65897 (Asterisk HTTP Content-Length Header DoS (AST-2013-002)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc..
Upgrading to version 1.8.20.2 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 13037.
The vulnerability is also documented in the databases at X-Force (83126), Tenable (65897), SecurityFocus (BID 58756†), OSVDB (91754†) and Secunia (SA52776†). Entries connected to this vulnerability are available at VDB-8119 and VDB-8120. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.digium.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 65897
Nessus Name: Asterisk HTTP Content-Length Header DoS (AST-2013-002)
Nessus File: 🔍
Nessus Family: 🔍
OpenVAS ID: 865538
OpenVAS Name: Fedora Update for asterisk FEDORA-2013-4528
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Asterisk 1.8.20.2
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
03/25/2013 🔍03/27/2013 🔍
03/27/2013 🔍
03/27/2013 🔍
03/27/2013 🔍
03/27/2013 🔍
03/28/2013 🔍
04/01/2013 🔍
04/02/2013 🔍
04/10/2013 🔍
04/14/2013 🔍
12/24/2017 🔍
Sources
Vendor: digium.comAdvisory: issues.asterisk.org
Researcher: Christoph Hebeisen
Organization: ELUS Security Labs Vulnerability Research Team
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-2686 (🔍)
GCVE (CVE): GCVE-0-2013-2686
GCVE (VulDB): GCVE-100-8121
IAVM: 🔍
X-Force: 83126
SecurityFocus: 58756 - Multiple Asterisk Products CVE-2013-2686 'Content-Length' Header Denial of Service Vulnerability
Secunia: 52776 - Asterisk Multiple Vulnerabilities, Highly Critical
OSVDB: 91754
SecurityTracker: 1028360 - Asterisk HTTP POST Content-Length Processing Flaw Lets Remote Users Deny Service
Vulnerability Center: 39101 - Digium Asterisk Multiple Products Remote Denial of Service via Crafted HTTP POST Requests, Medium
See also: 🔍
Entry
Created: 04/02/2013 15:52Updated: 12/24/2017 09:40
Changes: 04/02/2013 15:52 (89), 12/24/2017 09:40 (7)
Complete: 🔍
Committer:
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.