
Thursday, October 18, 2007

[UNIX] Asterisk cdr_addon_mysql SQL Injection Vulnerability

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com


- - - - - - - - -

Asterisk cdr_addon_mysql SQL Injection Vulnerability
------------------------------------------------------------------------


SUMMARY

The source and destination numbers for a given call are not correctly
escaped by the cdr_addon_mysql module when it inserts a call detail
record. A carefully crafted destination number sent to an Asterisk system
running cdr_addon_mysql can therefore break out of the SQL string literal
it is placed in and alter the query. The impact is greater on systems that
also use realtime data, since that data may live in the same database as
the inserted call detail records, opening the door to data corruption and
invalidation.
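The following is an added illustration of the flaw class described above, not code from Asterisk or the cdr_addon_mysql module. It uses an in-memory SQLite database and an assumed three-column cdr table (src, dst, duration) to show why concatenating a caller-controlled number into an INSERT is dangerous, what the parameterised form does instead, and a simple plausibility check that a CDR writer can apply to dialled numbers before they reach the database. The crafted destination value is constructed for the example.

```python
import re
import sqlite3

# Assumed, simplified CDR schema for the example (not the real cdr_addon_mysql table).
SCHEMA = """
CREATE TABLE cdr (
    id       INTEGER PRIMARY KEY,
    src      TEXT    NOT NULL,
    dst      TEXT    NOT NULL,
    duration INTEGER NOT NULL
)
"""

# Constructed sample: a "destination number" that carries a closing quote,
# a replacement duration and a SQL comment marker.
CRAFTED_DST = "5551234', 0) -- "

# Dialled numbers are expected to be digits, optionally with a leading '+',
# plus the '*' and '#' keys. Anything else is not a number and should be refused.
NUMBER_RE = re.compile(r"^\+?[0-9*#]{1,32}$")


def open_cdr_db() -> sqlite3.Connection:
    """Create an in-memory database with the example cdr table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_cdr_vulnerable(conn: sqlite3.Connection, src: str, dst: str, duration: int) -> str:
    """Build the INSERT by string formatting, the defect class of the advisory.

    Returns the SQL that was actually executed so the effect can be inspected.
    """
    sql = "INSERT INTO cdr (src, dst, duration) VALUES ('%s', '%s', %d)" % (src, dst, duration)
    conn.execute(sql)
    conn.commit()
    return sql


def insert_cdr_hardened(conn: sqlite3.Connection, src: str, dst: str, duration: int) -> None:
    """Bind the values as parameters; the driver never treats them as SQL."""
    conn.execute(
        "INSERT INTO cdr (src, dst, duration) VALUES (?, ?, ?)",
        (src, dst, duration),
    )
    conn.commit()


def is_plausible_number(value: str) -> bool:
    """Defensive input check a CDR backend can apply before writing a record."""
    return NUMBER_RE.match(value) is not None


def fetch_cdrs(conn: sqlite3.Connection) -> list:
    """Return stored records in insertion order as (src, dst, duration) tuples."""
    return conn.execute("SELECT src, dst, duration FROM cdr ORDER BY id").fetchall()


def demonstrate() -> dict:
    """Write the same call twice, once per code path, and report what was stored."""
    conn = open_cdr_db()
    executed = insert_cdr_vulnerable(conn, "1000", CRAFTED_DST, 42)
    insert_cdr_hardened(conn, "1000", CRAFTED_DST, 42)
    vulnerable_row, hardened_row = fetch_cdrs(conn)
    return {
        "executed_sql": executed,
        "vulnerable_row": vulnerable_row,   # duration silently became 0
        "hardened_row": hardened_row,       # crafted text stored verbatim, duration 42
        "number_accepted": is_plausible_number(CRAFTED_DST),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value!r}")
```

In the vulnerable path the closing quote inside the crafted number ends the dst literal early, the attacker-supplied 0 is taken as the duration, and the `--` turns the genuine duration into a comment, so a 42-second call is billed as zero seconds. The parameterised path stores the odd-looking string exactly as received, and the plausibility check rejects it before it is ever written, which is the sensible place to stop such input in a CDR backend.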

DETAILS

Vulnerable Systems:
* Asterisk Open Source version 1.0.x
* Asterisk Open Source version 1.2.8 and prior
* Asterisk Open Source version 1.4.4 and prior

Immune Systems:
* Asterisk-Addons version 1.2.8
* Asterisk-Addons version 1.4.4

Resolution:
The Asterisk-addons package is not distributed with Asterisk, nor is it
installed by default. The module may be either disabled or upgraded to fix
this issue.

CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5488>
CVE-2007-5488


ADDITIONAL INFORMATION

The information has been provided by Humberto Abdelnur
<humberto.abdelnur@loria.fr>.
The original article can be found at:
<http://downloads.digium.com/pub/security/AST-2007-023.html>
