Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] AST-2007-026 - SQL Injection issue in cdr_pgsql

from [Asterisk Security Team] Network Security [Permanent Link]
Subject: [VulnWatch] AST-2007-026 - SQL Injection issue in cdr_pgsql
Date: Thu, 29 Nov 2007 17:14:03 -0600 
               Asterisk Project Security Advisory - AST-2007-026

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SQL Injection issue in cdr_pgsql                |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | SQL Injection                                   |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote Authenticated Sessions                   |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Tilghman Lesher <tlesher AT digium DOT com>     |
   |----------------------+-------------------------------------------------|
   |      Posted On       | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | November 29, 2007                               |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Tilghman Lesher <tlesher AT digium DOT com>     |
   |----------------------+-------------------------------------------------|
   |       CVE Name       | CVE-2007-6170                                   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Input buffers were not properly escaped when providing   |
   |             | the ANI and DNIS strings to the Call Detail Record       |
   |             | Postgres logging engine. An attacker could potentially   |
   |             | compromise the administrative database containing users' |
   |             | usernames and passwords used for SIP authentication,     |
   |             | among other things.                                      |
   |             |                                                          |
   |             | This module is not active by default and must be         |
   |             | configured for use by the administrator. Default         |
   |             | installations of Asterisk are not affected.              |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Workaround | Convert your installation to use cdr_odbc with the        |
   |            | PgsqlODBC driver. This module provides similar            |
   |            | functionality but is not vulnerable.                      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |    Resolution    | Upgrade to Asterisk release 1.4.15 or higher.       |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            |   Release   |                          |
   |                               |   Series    |                          |
   |-------------------------------+-------------+--------------------------|
   |     Asterisk Open Source      |    1.0.x    | All versions             |
   |-------------------------------+-------------+--------------------------|
   |     Asterisk Open Source      |    1.2.x    | 1.2.24 and previous      |
   |-------------------------------+-------------+--------------------------|
   |     Asterisk Open Source      |    1.4.x    | 1.4.14 and previous      |
   |-------------------------------+-------------+--------------------------|
   |   Asterisk Business Edition   |    A.x.x    | All versions             |
   |-------------------------------+-------------+--------------------------|
   |   Asterisk Business Edition   |    B.x.x    | B.2.3.3 and previous     |
   |-------------------------------+-------------+--------------------------|
   |   Asterisk Business Edition   |    C.x.x    | C.1.0-beta5 and previous |
   |-------------------------------+-------------+--------------------------|
   |          AsteriskNOW          | pre-release | None                     |
   |-------------------------------+-------------+--------------------------|
   | Asterisk Appliance Developer  |    0.x.x    | None                     |
   |              Kit              |             |                          |
   |-------------------------------+-------------+--------------------------|
   |  s800i (Asterisk Appliance)   |    1.0.x    | None                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                  |          Release           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |           1.2.25           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |           1.4.15           |
   |-------------------------------------------+----------------------------|
   |         Asterisk Business Edition         |          B.2.3.4           |
   |-------------------------------------------+----------------------------|
   |         Asterisk Business Edition         |        C.1.0-beta6         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-026.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2007-026.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date      |       Editor       |          Revisions Made          |
   |----------------+--------------------+----------------------------------|
   | 2007-11-29     | Tilghman Lesher    | Initial release                  |
   |----------------+--------------------+----------------------------------|
   | 2007-11-29     | Tilghman Lesher    | Added CVE, ABE C version         |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-026
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] AST-2007-026 - SQL Injection issue in cdr_pgsql, Asterisk Security Team <=
Previous by Date:  [VulnWatch] AST-2007-025 - SQL Injection issue in res_config_pgsql, Asterisk Security Team
Next by Date:  [VulnWatch] PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script, Adrian P.
Previous by Thread:  [VulnWatch] AST-2007-025 - SQL Injection issue in res_config_pgsql, Asterisk Security Team
Next by Thread:  [VulnWatch] PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script, Adrian P.
Indexes:  [Date] [Thread] [Top] [All Lists]