Allele Security Alert
ASA-2018-00046
Identifier(s)
ASA-2018-00046, AST-2018-010, CVE-2018-19278
Title
Remote buffer overflow in DNS SRV and NAPTR lookups
Vendor(s)
Digium, Inc
Product(s)
Asterisk Open Source
Affected version(s)
Asterisk Open Source 15.x all releases
Asterisk Open Source 16.x all releases
Fixed version(s)
Asterisk Open Source 15.6.2
Asterisk Open Source 16.0.1
Proof of concept
Unknown
Description
There is a buffer overflow vulnerability in the dns_srv_alloc() and dns_naptr_alloc() functions of Asterisk that allows an attacker to crash Asterisk via a specially crafted DNS SRV or NAPTR response. The attacker's request causes Asterisk to segfault and crash.
In both functions, dn_expand() is used to expand a compressed domain name. The return value is used to calculate the size of the buffer for the ast_dns_srv_record/ast_dns_naptr_record struct, where the expanded domain name will be stored. However, the return value of dn_expand() is actually the length of the compressed domain name, not of the expanded one. Because the expanded name can be longer than its compressed form, the buffer can be too small, which leads to a buffer overflow.
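The length mismatch described above, as an added example that is not Asterisk code and not taken from the advisory or its patches. It assumes a constructed DNS message fragment and two hypothetical helpers: expand_name(), a small stand-in with the same return convention as dn_expand(), and copy_target(), which sizes its allocation from the expanded string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: "example.com" at offset 0; "sip" + pointer to it at offset 13. */
static const unsigned char msg[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                                     3,'s','i','p', 0xC0, 0x00 };

/* Hypothetical stand-in for dn_expand(): writes the dotted name to dst and
 * returns the bytes the COMPRESSED name occupies at off, or -1 on error. */
static int expand_name(const unsigned char *m, size_t mlen, size_t off, char *dst, size_t dstlen) {
    size_t out = 0, pos = off;
    int consumed = -1, hops = 0;
    while (pos < mlen) {
        unsigned char len = m[pos];
        if ((len & 0xC0) == 0xC0) {                 /* compression pointer */
            if (pos + 1 >= mlen || ++hops > 16) return -1;
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            pos = ((size_t)(len & 0x3F) << 8) | m[pos + 1];
            continue;
        }
        if (len == 0 && out < dstlen) {             /* root label ends the name */
            dst[out] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        }
        /* Rejects oversized labels, truncated input and a full dst buffer. */
        if (len > 63 || pos + 1 + len > mlen || out + len + 2 > dstlen) return -1;
        if (out) dst[out++] = '.';
        memcpy(dst + out, m + pos + 1, len);
        out += len;
        pos += 1 + (size_t)len;
    }
    return -1;
}

/* Size the copy from the expanded string, never from the return value. */
static char *copy_target(const unsigned char *m, size_t mlen, size_t off, int *wire_len) {
    char scratch[256];                              /* 255-byte name limit + NUL */
    *wire_len = expand_name(m, mlen, off, scratch, sizeof(scratch));
    if (*wire_len < 0) return NULL;
    char *name = malloc(strlen(scratch) + 1);
    return name ? strcpy(name, scratch) : NULL;
}

int main(void) {
    int wire;
    char *name = copy_target(msg, sizeof(msg), 13, &wire);
    if (name) printf("compressed: %d bytes; \"%s\" needs %zu\n", wire, name, strlen(name) + 1);
    free(name);                                     /* free(NULL) is a no-op */
    return 0;
}
```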
Technical details
Unknown
Credits
Jan Hoffmann
Reference(s)
AST-2018-010: Remote crash vulnerability DNS SRV and NAPTR lookups
https://seclists.org/fulldisclosure/2018/Nov/42
AST-2018-010-15.diff
http://downloads.asterisk.org/pub/security/AST-2018-010-15.diff
AST-2018-010-16.diff
http://downloads.asterisk.org/pub/security/AST-2018-010-16.diff
Buffer overflow for DNS SRV/NAPTR records
https://issues.asterisk.org/jira/browse/ASTERISK-28127
Asterisk Project Security Advisory – AST-2018-010
https://downloads.asterisk.org/pub/security/AST-2018-010.pdf
Asterisk Project Security Advisory – AST-2018-010
https://downloads.asterisk.org/pub/security/AST-2018-010.html
CVE-2018-19278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19278
CVE-2018-19278
https://nvd.nist.gov/vuln/detail/CVE-2018-19278
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 1, 2019