National Cyber Awareness System

Vulnerability Summary for CVE-2006-5444

Overview

Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.

Impact

CVSS Severity (version 2.0 upgrade from v1.0):

CVSS Version 2 Metrics:

Solution

Failed exploit attempts will likely crash the server, denying further service to legitimate users. This vulnerability is addressed in the following product releases: Asterisk, Asterisk, 1.0.12 or later Asterisk, Asterisk, 1.2.13 or later}

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Vulnerability Note: VU#521252

Name: VU#521252

Hyperlink:http://www.kb.cert.org/vuls/id/521252

External Source: BID

Name: 20617

Type: Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/bid/20617

External Source: BUGTRAQ

Name: 20061018 Security-Assessment.com Advisory: Asterisk remote heap overflow

Type: Advisory; Patch Information; Exploit

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/449127/100/0/threaded

External Source: CONFIRM

Name: http://www.asterisk.org/node/109

Type: Patch Information

Hyperlink:http://www.asterisk.org/node/109

External Source: SECTRACK

Name: 1017089

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1017089

External Source: SECUNIA

Name: 22480

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/22480

External Source: CONFIRM

Name: http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13

Type: Patch Information

Hyperlink:http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.2.13

External Source: CONFIRM

Name: http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12

Type: Patch Information

Hyperlink:http://ftp.digium.com/pub/asterisk/releases/ChangeLog-1.0.12

External Source: VUPEN

Name: ADV-2006-4097

Hyperlink:http://www.vupen.com/english/advisories/2006/4097

External Source: OPENPKG

Name: OpenPKG-SA-2006.024

Type: Advisory

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/449183/100/0/threaded

External Source: XF

Name: asterisk-getinput-code-execution(29663)

Hyperlink:http://xforce.iss.net/xforce/xfdb/29663

External Source: DEBIAN

Name: DSA-1229

Hyperlink:http://www.us.debian.org/security/2006/dsa-1229

External Source: OSVDB

Name: 29972

Hyperlink:http://www.osvdb.org/29972

External Source: SUSE

Name: SUSE-SA:2006:069

Hyperlink:http://www.novell.com/linux/security/advisories/2006_69_asterisk.html

External Source: GENTOO

Name: GLSA-200610-15

Hyperlink:http://www.gentoo.org/security/en/glsa/glsa-200610-15.xml

External Source: SECUNIA

Name: 23212

Hyperlink:http://secunia.com/advisories/23212

External Source: SECUNIA

Name: 22979

Hyperlink:http://secunia.com/advisories/22979

External Source: SECUNIA

Name: 22651

Hyperlink:http://secunia.com/advisories/22651

External Source: FULLDISC

Name: 20061018 Asterisk remote heap overflow

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050171.html