1
Candidate: CVE-2016-9938
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9938
5
http://downloads.asterisk.org/pub/security/AST-2016-009.html
6
https://issues.asterisk.org/jira/browse/ASTERISK-26433
8
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x
9
before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before
10
11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a
11
liberal definition for whitespace when attempting to strip the content
12
between a SIP header name and a colon character. Rather than following RFC
13
3261 and stripping only spaces and horizontal tabs, Asterisk treats any
14
non-printable ASCII character as if it were whitespace. This means that
15
headers such as Contact\x01: will be seen as a valid Contact header. This
16
mostly does not pose a problem until Asterisk is placed in tandem with an
17
authenticating SIP proxy. In such a case, a crafty combination of valid and
18
invalid To headers can cause a proxy to allow an INVITE request into
19
Asterisk without authentication since it believes the request is an
20
in-dialog request. However, because of the bug described above, the request
21
will look like an out-of-dialog request to Asterisk. Asterisk will then
22
process the request as a new call. The result is that Asterisk can process
23
calls from unvetted sources without any authentication. If you do not use a
24
proxy for authentication, then this issue does not affect you. If your
25
proxy is dialog-aware (meaning that the proxy keeps track of what dialogs
26
are currently valid), then this issue does not affect you. If you use
27
chan_pjsip instead of chan_sip, then this issue does not affect you.
31
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847668
33
Discovered-by: Walter Doekes
37
upstream_asterisk: needs-triage
38
precise_asterisk: ignored (reached end-of-life)
39
precise/esm_asterisk: DNE (precise was needed)
40
trusty_asterisk: needed
41
vivid/stable-phone-overlay_asterisk: DNE
42
vivid/ubuntu-core_asterisk: DNE
43
xenial_asterisk: needed
44
yakkety_asterisk: ignored (reached end-of-life)
45
zesty_asterisk: ignored (reached end-of-life)
46
artful_asterisk: needed
47
bionic_asterisk: needed
48
devel_asterisk: needed