Exploit Asterisk PBX software patched

23.10.2006
A vulnerability in the Asterisk PBX server that enables an attacker to gain complete control of a PBX system has been discovered by Australian and New Zealand security outfit Security-Assessment.com (http://security-assessment.com/files/advisories/Asterisk_remote_heap_overflow.pdf).

Exploiting the vulnerability allows an attacker to spoof caller IDs, sniff voice calls on the network and take complete control of the system. No public exploits of the vulnerability have been released since it was discovered on October 18 this year.

Asterisk was notified of the discovery on Tuesday October 17. A patch for the vulnerability was released by Asterisk on Wednesday October 18.

Adam Boileau, senior security consultant for Security-Assessment.com, said the vulnerability directly affects Asterisk versions 1.0 and 1.2.

Version 1.4, currently in development, is not affected. Boileau said the vulnerability can be reached before calls are authorized within the PBX and is restricted to the part of the Asterisk phone server that handles "talking" to Cisco phones.

"The vulnerability occurs early in the connection when Asterisk opens a port. Cisco phones communicate on (2000/TCP, Skinny Client Control Protocol) and the first packet you send is used to exploit the vulnerability before any configuration occurs," Boileau said.