Vulnerabilities > CVE-2008-1390 - Credentials Management vulnerability in Asterisk products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generates insufficiently random manager ID values, which makes it easier for remote attackers to hijack a manager session via a series of ID guesses.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2008-2620.NASL description Update to 1.4.18.1 plus another patch to fix some security issues. AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling. * http://downloads.digium.com/pub/security/AST-2008-002.pdf * All users of SIP in Asterisk 1.4 and 1.6 are affected. AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf. * http://downloads.digium.com/pub/security/AST-2008-003.pdf * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected. AST-2008-005 details a problem in the way manager IDs are calculated. * http://downloads.digium.com/pub/security/AST-2008-005.pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31667 published 2008-03-26 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31667 title Fedora 7 : asterisk-1.4.18.1-1.fc7 (2008-2620) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-2620. # include("compat.inc"); if (description) { script_id(31667); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-1289", "CVE-2008-1332", "CVE-2008-1390"); script_bugtraq_id(28310, 28316); script_xref(name:"FEDORA", value:"2008-2620"); script_name(english:"Fedora 7 : asterisk-1.4.18.1-1.fc7 (2008-2620)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.4.18.1 plus another patch to fix some security issues. AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling. * http://downloads.digium.com/pub/security/AST-2008-002.pdf * All users of SIP in Asterisk 1.4 and 1.6 are affected. AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf. * http://downloads.digium.com/pub/security/AST-2008-003.pdf * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected. AST-2008-005 details a problem in the way manager IDs are calculated. * http://downloads.digium.com/pub/security/AST-2008-005.pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://downloads.digium.com/pub/security/AST-2008-002.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-002.pdf" ); # http://downloads.digium.com/pub/security/AST-2008-003.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-003.pdf" ); # http://downloads.digium.com/pub/security/AST-2008-005.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-005.pdf" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438129" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438131" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008853.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6c5aa321" ); script_set_attribute( attribute:"solution", value:"Update the affected asterisk package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 255, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC7", reference:"asterisk-1.4.18.1-1.fc7")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk"); }
NASL family Fedora Local Security Checks NASL id FEDORA_2008-2554.NASL description Update to 1.4.18.1 plus another patch to fix some security issues. AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling. * http://downloads.digium.com/pub/security/AST-2008-002.pdf * All users of SIP in Asterisk 1.4 and 1.6 are affected. AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf. * http://downloads.digium.com/pub/security/AST-2008-003.pdf * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected. AST-2008-005 details a problem in the way manager IDs are calculated. * http://downloads.digium.com/pub/security/AST-2008-005.pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31664 published 2008-03-26 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31664 title Fedora 8 : asterisk-1.4.18.1-1.fc8 (2008-2554) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2008-2554. # include("compat.inc"); if (description) { script_id(31664); script_version ("1.18"); script_cvs_date("Date: 2019/08/02 13:32:27"); script_cve_id("CVE-2008-1289", "CVE-2008-1332", "CVE-2008-1390"); script_bugtraq_id(28310, 28316); script_xref(name:"FEDORA", value:"2008-2554"); script_name(english:"Fedora 8 : asterisk-1.4.18.1-1.fc8 (2008-2554)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to 1.4.18.1 plus another patch to fix some security issues. AST-2008-002 details two buffer overflows that were discovered in RTP codec payload type handling. * http://downloads.digium.com/pub/security/AST-2008-002.pdf * All users of SIP in Asterisk 1.4 and 1.6 are affected. AST-2008-003 details a vulnerability which allows an attacker to bypass SIP authentication and to make a call into the context specified in the general section of sip.conf. * http://downloads.digium.com/pub/security/AST-2008-003.pdf * All users of SIP in Asterisk 1.0, 1.2, 1.4, or 1.6 are affected. AST-2008-005 details a problem in the way manager IDs are calculated. * http://downloads.digium.com/pub/security/AST-2008-005.pdf Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://downloads.digium.com/pub/security/AST-2008-002.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-002.pdf" ); # http://downloads.digium.com/pub/security/AST-2008-003.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-003.pdf" ); # http://downloads.digium.com/pub/security/AST-2008-005.pdf script_set_attribute( attribute:"see_also", value:"https://downloads.digium.com/pub/security/AST-2008-005.pdf" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438127" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438129" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=438131" ); # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008777.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f2e865c6" ); script_set_attribute( attribute:"solution", value:"Update the affected asterisk package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(119, 255, 264); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:asterisk"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8"); script_set_attribute(attribute:"patch_publication_date", value:"2008/03/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2008/03/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC8", reference:"asterisk-1.4.18.1-1.fc8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "asterisk"); }
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 28316 CVE(CAN) ID: CVE-2008-1390 Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。 Asterisk计算管理器ID的方式存在错误,允许攻击者相对容易的预测很多HTTP查询所使用的管理器ID。 会话id是在AsteriskGUI HTTP服务器中生成的。当使用Glibc时,rand()和random()的实现和状态是共享的。Asterisk使用random()发布MD5 digest认证挑战并用malloc的指针rand()位或运算以生成AsteriskGUI会话标识符。攻击者可以通过检索32个连续的挑战同步到 random(),然后预测所有之后对random()和rand()调用的输出。由于malloc所返回的指针最多有21位的熵,因此攻击者仅需平均猜测1448个会话标识符就可以窃取已创建的会话。 Asterisk Asterisk 1.6.x Asterisk Asterisk 1.4.x Asterisk Business Edition C.x.x Asterisk AsteriskNOW pre-release Asterisk Appliance Developer Kit SVN Asterisk s800i 1.0.x Asterisk -------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://www.asterisk.org/ target=_blank>http://www.asterisk.org/</a> |
id | SSV:3069 |
last seen | 2017-11-19 |
modified | 2008-03-21 |
published | 2008-03-21 |
reporter | Root |
title | Asterisk可预测HTTP管理器会话ID漏洞 |
References
- http://downloads.digium.com/pub/security/AST-2008-005.html
- http://downloads.digium.com/pub/security/AST-2008-005.html
- http://secunia.com/advisories/29449
- http://secunia.com/advisories/29449
- http://secunia.com/advisories/29470
- http://secunia.com/advisories/29470
- http://securityreason.com/securityalert/3764
- http://securityreason.com/securityalert/3764
- http://www.securityfocus.com/archive/1/489819/100/0/threaded
- http://www.securityfocus.com/archive/1/489819/100/0/threaded
- http://www.securityfocus.com/bid/28316
- http://www.securityfocus.com/bid/28316
- http://www.securitytracker.com/id?1019679
- http://www.securitytracker.com/id?1019679
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41304
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00438.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html
- https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00514.html