Bug 926548 - (CVE-2015-3008) VUL-0: CVE-2015-3008 asterisk: TLS Certificate Common name NULL byte exploit
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE.org
Component: 3rd party software
Version: unspecified
Hardware/OS: Other / openSUSE 13.2
Priority/Severity: P5 - None / Normal
Assigned To: Jan Engelhardt
Reported: 2015-04-09 10:09 UTC by Andreas Stieger
Modified: 2015-04-09 11:01 UTC

Found By: Security Response Team
Description Andreas Stieger 2015-04-09 10:09:10 UTC
Not in openSUSE or SLE, reported against network:telephony:asterisk-*


The following flaw was found in asterisk:

When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. For example, if Asterisk is trying to register to www.domain.com, Asterisk will accept certificates of the form www.domain.com\x00www.someotherdomain.com - for more information on this exploit, see https://fotisl.com/blog/2009/10/the-null-certificate-prefix-bug/

This issue is fixed in asterisk versions: 1.8.32.3, 11.17.1, 12.8.2, 13.3.2 

Upstream advisory:

http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Upstream issue:

https://issues.asterisk.org/jira/browse/ASTERISK-24847

Patch:

https://issues.asterisk.org/jira/secure/attachment/52082/asterisk-null-in-cn.patch

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1210225
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3008
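Added illustration of the flaw described in the report above (this is editor-supplied example code, not Asterisk's code and not the linked asterisk-null-in-cn.patch). The `asn1_string` type is a hypothetical stand-in for what a DER parser returns: an explicit length plus raw bytes. `cn_matches_vulnerable` shows the bug class, a CN handed to `strcmp()` so that comparison stops at the embedded NUL; `cn_matches_hardened` rejects any CN containing a NUL within its DER length and compares over that length instead of trusting C string functions. The certificate bytes are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a commonName as a DER parser hands it back: an explicit
 * byte length plus the raw bytes. ASN.1 strings carry their length out
 * of band, so 0x00 is an ordinary byte inside them, not a terminator.
 * Hypothetical type modelled loosely on OpenSSL's ASN1_STRING; it is
 * not Asterisk's code. */
struct asn1_string {
    const unsigned char *data;
    size_t length;
};

/* Vulnerable pattern: the CN is handed to a C string function, which
 * stops at the first NUL. "www.domain.com\0www.someotherdomain.com"
 * therefore compares equal to "www.domain.com". */
bool cn_matches_vulnerable(const struct asn1_string *cn, const char *expected)
{
    return strcmp((const char *)cn->data, expected) == 0;
}

/* Hardened pattern: a CN containing any NUL byte within its DER length
 * is not a valid host name and is rejected outright; what remains is
 * compared over the full DER length, never via strlen()/strcmp(). */
bool cn_matches_hardened(const struct asn1_string *cn, const char *expected)
{
    if (memchr(cn->data, '\0', cn->length) != NULL) {
        return false;   /* embedded NUL: exactly the AST-2015-003 case */
    }
    if (cn->length != strlen(expected)) {
        return false;   /* a name of different length cannot be the same name */
    }
    return memcmp(cn->data, expected, cn->length) == 0;
}

/* Constructed inputs, not taken from any real certificate. The array
 * literal keeps a trailing NUL after the full CN so strcmp() in the
 * vulnerable path stays within bounds. */
static const unsigned char attacker_cn_bytes[] =
    "www.domain.com\0www.someotherdomain.com";
static const unsigned char honest_cn_bytes[] = "www.domain.com";

const struct asn1_string attacker_cn = {
    attacker_cn_bytes, sizeof(attacker_cn_bytes) - 1   /* 38 bytes, NUL at offset 14 */
};
const struct asn1_string honest_cn = {
    honest_cn_bytes, sizeof(honest_cn_bytes) - 1       /* 14 bytes */
};

int main(void)
{
    const char *expected = "www.domain.com";

    printf("attacker CN, vulnerable check: %s\n",
           cn_matches_vulnerable(&attacker_cn, expected) ? "ACCEPTED" : "rejected");
    printf("attacker CN, hardened check:   %s\n",
           cn_matches_hardened(&attacker_cn, expected) ? "ACCEPTED" : "rejected");
    printf("honest CN, hardened check:     %s\n",
           cn_matches_hardened(&honest_cn, expected) ? "accepted" : "REJECTED");
    return 0;
}
```

The same discipline (compare the parser-reported length against the bytes, and never let a NUL-terminated string API decide) applies to subjectAltName dNSName entries as well; real host-name verification also has to consult those entries and handle wildcard labels, which this example deliberately leaves out to keep the NUL handling in focus.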
Comment 2 Jan Engelhardt 2015-04-09 11:01:57 UTC
Done.