Bug 1084606 - (CVE-2018-1000099) VUL-0: CVE-2018-1000099: asterisk: segmentation fault with an invalid SDP fmtp attribute
Status: RESOLVED NORESPONSE
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Christian Müller
Security Team bot
https://smash.suse.de/issue/200940/
Reported: 2018-03-09 07:50 UTC by Johannes Segitz
Modified: 2019-12-18 15:08 UTC
Found By: Security Response Team
Description Johannes Segitz 2018-03-09 07:50:15 UTC
rh#1548126

A flaw was discovered in Asterisk 13.x, 14.x, 15.x and 13.18. When an SDP message body is crafted with an invalid fmtp attribute, Asterisk crashes when using the pjsip channel driver, because pjproject's fmtp retrieval function fails to check if the fmtp value is empty (it is set empty if previously parsed as invalid).


References:
http://downloads.asterisk.org/pub/security/AST-2018-003.html
https://issues.asterisk.org/jira/browse/ASTERISK-27583

Patches:
http://downloads.asterisk.org/pub/security/AST-2018-003-13.diff [Asterisk 13]
http://downloads.asterisk.org/pub/security/AST-2018-003-14.diff [Asterisk 14]
http://downloads.asterisk.org/pub/security/AST-2018-003-15.diff [Asterisk 15]
http://downloads.asterisk.org/pub/security/AST-2018-003-13.18.diff [Certified Asterisk 13.18]

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1548126
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000099
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000099.html
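A simplified model of the missing check described above, as an added example that is not Asterisk or pjproject code. The type and function names (`lstr`, `sdp_attr`, `attr_set_fmtp`, `attr_get_fmtp`) and the digit-first validity rule are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical length-counted string and attribute types (not pjproject's). */
typedef struct { const char *ptr; ptrdiff_t len; } lstr;
typedef struct { lstr name; lstr value; } sdp_attr;      /* one "a=name:value" line */
typedef struct { lstr fmt; lstr fmt_param; } sdp_fmtp;
enum { FMTP_OK = 0, FMTP_EINVAL = -1 };

/* Parser side: a value that fails validation is stored EMPTY, the state the
 * description says the retrieval function did not check for. Rule is assumed. */
static void attr_set_fmtp(sdp_attr *a, const char *value)
{
    a->name.ptr = "fmtp"; a->name.len = 4;
    if (value == NULL || !isdigit((unsigned char)value[0])) {
        a->value.ptr = NULL; a->value.len = 0;           /* marked invalid */
    } else {
        a->value.ptr = value; a->value.len = (ptrdiff_t)strlen(value);
    }
}

/* Retrieval side, hardened: reject an empty value before touching value.ptr. */
static int attr_get_fmtp(const sdp_attr *a, sdp_fmtp *out)
{
    const char *p, *end;
    if (a->value.ptr == NULL || a->value.len <= 0)
        return FMTP_EINVAL;                              /* the emptiness check */
    p = a->value.ptr;
    end = p + a->value.len;
    while (p < end && isdigit((unsigned char)*p))
        ++p;                                             /* payload type token */
    if (p == a->value.ptr)
        return FMTP_EINVAL;
    out->fmt.ptr = a->value.ptr;
    out->fmt.len = p - a->value.ptr;
    while (p < end && *p == ' ')
        ++p;                                             /* skip separator */
    out->fmt_param.ptr = p;
    out->fmt_param.len = end - p;
    return FMTP_OK;
}

int main(void)
{
    sdp_attr a; sdp_fmtp f;
    attr_set_fmtp(&a, "");                               /* constructed invalid value */
    return attr_get_fmtp(&a, &f) == FMTP_EINVAL ? 0 : 1;
}
```

Without the emptiness check, the scan loop would start from a null pointer with zero length, which is the class of fault the description attributes to the retrieval function.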
Comment 1 Marcus Meissner 2019-12-18 15:08:05 UTC
tool is no longer in use