Vulnerabilities > CVE-2010-0685 - Remote Security vulnerability in Asterisk
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.
Vulnerable Configurations
Nessus
| NASL family | Fedora Local Security Checks |
| NASL id | FEDORA_2010-3724.NASL |
| description | Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can compromise security * AST-2010-002: This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers. * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 47325 |
| published | 2010-07-01 |
| reporter | This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/47325 |
| title | Fedora 11 : asterisk-1.6.1.17-1.fc11 (2010-3724) |
References
- http://downloads.digium.com/pub/security/AST-2010-002.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037679.html
- http://secunia.com/advisories/38641
- http://secunia.com/advisories/39096
- http://svn.asterisk.org/svn/asterisk/branches/1.2/README-SERIOUSLY.bestpractices.txt
- http://www.securityfocus.com/archive/1/509608/100/0/threaded
- http://www.securitytracker.com/id?1023637
- http://www.vupen.com/english/advisories/2010/0439
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56397