Bug 12060

Summary:	Multiple vulnerabilities in asterisk (CVE-2013-7100)
Product:	Mageia	Reporter:	Oden Eriksson <oe>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	normal
Priority:	Normal	CC:	luigiwalser, sysadmin-bugs, tmb
Version:	3	Keywords:	validated_update
Target Milestone:	---
Hardware:	i586
OS:	Linux
URL:	http://lwn.net/Vulnerabilities/578022/
Whiteboard:	has_procedure advisory mga3-32-ok mga3-64-ok
Source RPM:	asterisk	CVE:
Status comment:

Description Oden Eriksson 2013-12-20 11:01:00 CET

http://downloads.asterisk.org/pub/security/AST-2013-006.html
http://downloads.asterisk.org/pub/security/AST-2013-007.html
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html


======================================================
Name: CVE-2013-7100
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20131213
Category: 
Reference: CONFIRM:http://downloads.asterisk.org/pub/security/AST-2013-006.html
Reference: CONFIRM:https://issues.asterisk.org/jira/browse/ASTERISK-22590

Buffer overflow in the unpacksms16 function in apps/app_sms.c in
Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones
before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before
1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to
cause a denial of service (daemon crash) via a 16-bit SMS message.



Reproducible: 

Steps to Reproduce:

Comment 1 Oden Eriksson 2013-12-20 11:50:25 CET

11.7.0 has been committed and submitted to mga3

11.7.0 has been committed to cauldron, needs someone to submit it. Damn, I accidently submitted this one to core/updates_testing in cauldron. So, I bumped the release which should work.

Comment 2 David Walser 2013-12-20 21:23:12 CET

It's now been uploaded for Cauldron.

What exactly would you like the advisory to say for the Mageia 3 update?

Other than that, I guess this is ready for QA.  More details in Comment 0.

Packages uploaded:
asterisk-11.7.0-1.mga3
libasteriskssl1-11.7.0-1.mga3
asterisk-addons-11.7.0-1.mga3
asterisk-firmware-11.7.0-1.mga3
asterisk-devel-11.7.0-1.mga3
asterisk-plugins-corosync-11.7.0-1.mga3
asterisk-plugins-alsa-11.7.0-1.mga3
asterisk-plugins-calendar-11.7.0-1.mga3
asterisk-plugins-cel-11.7.0-1.mga3
asterisk-plugins-curl-11.7.0-1.mga3
asterisk-plugins-dahdi-11.7.0-1.mga3
asterisk-plugins-fax-11.7.0-1.mga3
asterisk-plugins-festival-11.7.0-1.mga3
asterisk-plugins-ices-11.7.0-1.mga3
asterisk-plugins-jabber-11.7.0-1.mga3
asterisk-plugins-jack-11.7.0-1.mga3
asterisk-plugins-lua-11.7.0-1.mga3
asterisk-plugins-ldap-11.7.0-1.mga3
asterisk-plugins-minivm-11.7.0-1.mga3
asterisk-plugins-mobile-11.7.0-1.mga3
asterisk-plugins-mp3-11.7.0-1.mga3
asterisk-plugins-mysql-11.7.0-1.mga3
asterisk-plugins-ooh323-11.7.0-1.mga3
asterisk-plugins-oss-11.7.0-1.mga3
asterisk-plugins-pktccops-11.7.0-1.mga3
asterisk-plugins-portaudio-11.7.0-1.mga3
asterisk-plugins-pgsql-11.7.0-1.mga3
asterisk-plugins-radius-11.7.0-1.mga3
asterisk-plugins-saycountpl-11.7.0-1.mga3
asterisk-plugins-skinny-11.7.0-1.mga3
asterisk-plugins-snmp-11.7.0-1.mga3
asterisk-plugins-speex-11.7.0-1.mga3
asterisk-plugins-sqlite-11.7.0-1.mga3
asterisk-plugins-tds-11.7.0-1.mga3
asterisk-plugins-osp-11.7.0-1.mga3
asterisk-plugins-unistim-11.7.0-1.mga3
asterisk-plugins-voicemail-11.7.0-1.mga3
asterisk-plugins-voicemail-imap-11.7.0-1.mga3
asterisk-plugins-voicemail-plain-11.7.0-1.mga3
asterisk-gui-11.7.0-1.mga3

from asterisk-11.7.0-1.mga3.src.rpm

Assignee: bugsquad => qa-bugs

Comment 3 claire robinson 2013-12-21 14:55:59 CET

Procedure: https://bugs.mageia.org/show_bug.cgi?id=11094#c5

Whiteboard: (none) => has_procedure

Comment 4 Oden Eriksson 2013-12-23 14:21:21 CET

http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:300/

Comment 5 David Walser 2013-12-23 14:35:57 CET

Thanks Oden.

Advisory:
========================

Updated asterisk packages fix security vulnerability:

Buffer overflow in the unpacksms16 function in apps/app_sms.c in
Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and
11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before
10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4
and 11.x before 11.2-cert3 allows remote attackers to cause a denial
of service (daemon crash) via a 16-bit SMS message (CVE-2013-7100).

The updated packages has been upgraded to the 11.7.0 version which
resolves various upstream bugs and is not vulnerable to this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7100
https://issues.asterisk.org/jira/browse/ASTERISK-22590
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-11.7.0-summary.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2013:300/

CC: (none) => luigiwalser

Comment 6 claire robinson 2013-12-23 16:38:16 CET

Testing complete mga3 32

No PoC without equipment to match

Just checking for clean update of all packages and followed
https://bugs.mageia.org/show_bug.cgi?id=11094#c5

Whiteboard: has_procedure => has_procedure mga3-32-ok

Comment 7 claire robinson 2013-12-23 16:57:17 CET

Testing complete mga3 64

Validating. Advisory uploaded.

Could sysadmin please push from 3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: has_procedure mga3-32-ok => has_procedure advisory mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 8 Thomas Backlund 2013-12-23 18:28:28 CET

Update pushed:
http://advisories.mageia.org/MGASA-2013-0384.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

David Walser 2013-12-23 22:22:42 CET

URL: (none) => http://lwn.net/Vulnerabilities/578022/