CVE-2013-5642: Input Validation
First published: Mon Sep 09 2013(Updated: )
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.3-digiumphones allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an invalid SDP that defines a media description before the connection description in a SIP request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk | =1.8.17.0 | |
| Asterisk | =1.8.17.0-rc1 | |
| Asterisk | =1.8.17.0-rc2 | |
| Asterisk | =1.8.17.0-rc3 | |
| Asterisk | =1.8.18.0 | |
| Asterisk | =1.8.18.0-rc1 | |
| Asterisk | =1.8.18.1 | |
| Asterisk | =1.8.19.0 | |
| Asterisk | =1.8.19.0-rc1 | |
| Asterisk | =1.8.19.0-rc3 | |
| Asterisk | =1.8.19.1 | |
| Asterisk | =1.8.20.0 | |
| Asterisk | =1.8.20.0-rc1 | |
| Asterisk | =1.8.20.0-rc2 | |
| Asterisk | =1.8.21.0-rc1 | |
| Asterisk | =1.8.21.0-rc2 | |
| Asterisk | =1.8.22.0 | |
| Asterisk | =1.8.22.0-rc1 | |
| Asterisk | =1.8.22.0-rc2 | |
| Asterisk | =1.8.23.0 | |
| Asterisk | =1.8.23.0-rc1 | |
| Asterisk | =1.8.23.0-rc2 | |
| Asterisk | =10.10.0 | |
| Asterisk | =10.10.0-rc1 | |
| Asterisk | =10.10.0-rc2 | |
| Asterisk | =10.11.0 | |
| Asterisk | =10.11.0-rc1 | |
| Asterisk | =10.11.0-rc2 | |
| Asterisk | =10.11.0-rc3 | |
| Asterisk | =10.12.0 | |
| Asterisk | =10.12.0-rc1 | |
| Asterisk | =10.12.0-rc2 | |
| Asterisk | =10.12.1 | |
| Asterisk | =10.12.2 | |
| Asterisk | =11.0.0 | |
| Asterisk | =11.0.0-beta1 | |
| Asterisk | =11.0.0-beta2 | |
| Asterisk | =11.0.0-rc1 | |
| Asterisk | =11.0.0-rc2 | |
| Asterisk | =11.0.1 | |
| Asterisk | =11.0.2 | |
| Asterisk | =11.1.0 | |
| Asterisk | =11.1.0-rc1 | |
| Asterisk | =11.1.0-rc3 | |
| Asterisk | =11.1.1 | |
| Asterisk | =11.1.2 | |
| Asterisk | =11.2.0-rc1 | |
| Asterisk | =11.2.0-rc2 | |
| Asterisk | =11.3.0-rc1 | |
| Asterisk | =11.3.0-rc2 | |
| Asterisk | =11.4.0 | |
| Asterisk | =11.4.0-rc1 | |
| Asterisk | =11.4.0-rc2 | |
| Asterisk | =11.4.0-rc3 | |
| Asterisk | =11.5.0 | |
| Asterisk | =11.5.0-rc1 | |
| Asterisk | =11.5.0-rc2 | |
| Asterisk | =11.5.1 | |
| Asterisk Digiumphones | =10.0.0 | |
| Asterisk Digiumphones | =10.0.0-rc1 | |
| Asterisk Digiumphones | =10.0.0-rc2 | |
| Asterisk Digiumphones | =10.11.0 | |
| Asterisk Digiumphones | =10.11.0-rc1 | |
| Asterisk Digiumphones | =10.11.0-rc2 | |
| Asterisk Digiumphones | =10.11.0-rc3 | |
| Asterisk Digiumphones | =10.12.0 | |
| Asterisk Digiumphones | =10.12.0-rc1 | |
| Asterisk Digiumphones | =10.12.0-rc2 | |
| Asterisk Digiumphones | =10.12.1 | |
| Asterisk Digiumphones | =10.12.2 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-cert1 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-cert1-rc1 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-cert1-rc2 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-cert1-rc3 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-cert2 | |
| Digium Asterisk Appliance Developer Kit | =1.8.15-rc1 | |
| Digium Asterisk Appliance Developer Kit | =11.2.0 | |
| Digium Asterisk Appliance Developer Kit | =11.2.0-cert1 | |
| Digium Asterisk Appliance Developer Kit | =11.2.0-rc1 | |
| Digium Asterisk Appliance Developer Kit | =11.2.0-rc2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2013-08/0174.html
- http://downloads.asterisk.org/pub/security/AST-2013-005.html
- http://osvdb.org/96690
- http://secunia.com/advisories/54534
- http://secunia.com/advisories/54617
- http://www.debian.org/security/2013/dsa-2749
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:223
- http://www.securityfocus.com/bid/62022
- http://www.securitytracker.com/id/1028957
- https://issues.asterisk.org/jira/browse/ASTERISK-22007
Frequently Asked Questions
What is the severity of CVE-2013-5642?
CVE-2013-5642 has been classified as a critical security vulnerability due to its potential for remote code execution.
How do I fix CVE-2013-5642?
To fix CVE-2013-5642, upgrade Asterisk to version 1.8.23.1, 10.12.3, or 11.5.1 or later.
Which Asterisk versions are affected by CVE-2013-5642?
Asterisk versions 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1 are affected by CVE-2013-5642.
Can CVE-2013-5642 be exploited remotely?
Yes, CVE-2013-5642 can be exploited remotely, allowing attackers to execute arbitrary code.
What are the potential impacts of CVE-2013-5642 on my system?
The impacts of CVE-2013-5642 can include unauthorized access, data loss, and complete system compromise.
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/digium
- canonical/asterisk
- version/asterisk/1.8.17.0
- version/asterisk/1.8.17.0-rc1
- version/asterisk/1.8.17.0-rc2
- version/asterisk/1.8.17.0-rc3
- version/asterisk/1.8.18.0
- version/asterisk/1.8.18.0-rc1
- version/asterisk/1.8.18.1
- version/asterisk/1.8.19.0
- version/asterisk/1.8.19.0-rc1
- version/asterisk/1.8.19.0-rc3
- version/asterisk/1.8.19.1
- version/asterisk/1.8.20.0
- version/asterisk/1.8.20.0-rc1
- version/asterisk/1.8.20.0-rc2
- version/asterisk/1.8.21.0-rc1
- version/asterisk/1.8.21.0-rc2
- version/asterisk/1.8.22.0
- version/asterisk/1.8.22.0-rc1
- version/asterisk/1.8.22.0-rc2
- version/asterisk/1.8.23.0
- version/asterisk/1.8.23.0-rc1
- version/asterisk/1.8.23.0-rc2
- version/asterisk/10.10.0
- version/asterisk/10.10.0-rc1
- version/asterisk/10.10.0-rc2
- version/asterisk/10.11.0
- version/asterisk/10.11.0-rc1
- version/asterisk/10.11.0-rc2
- version/asterisk/10.11.0-rc3
- version/asterisk/10.12.0
- version/asterisk/10.12.0-rc1
- version/asterisk/10.12.0-rc2
- version/asterisk/10.12.1
- version/asterisk/10.12.2
- version/asterisk/11.0.0
- version/asterisk/11.0.0-beta1
- version/asterisk/11.0.0-beta2
- version/asterisk/11.0.0-rc1
- version/asterisk/11.0.0-rc2
- version/asterisk/11.0.1
- version/asterisk/11.0.2
- version/asterisk/11.1.0
- version/asterisk/11.1.0-rc1
- version/asterisk/11.1.0-rc3
- version/asterisk/11.1.1
- version/asterisk/11.1.2
- version/asterisk/11.2.0-rc1
- version/asterisk/11.2.0-rc2
- version/asterisk/11.3.0-rc1
- version/asterisk/11.3.0-rc2
- version/asterisk/11.4.0
- version/asterisk/11.4.0-rc1
- version/asterisk/11.4.0-rc2
- version/asterisk/11.4.0-rc3
- version/asterisk/11.5.0
- version/asterisk/11.5.0-rc1
- version/asterisk/11.5.0-rc2
- version/asterisk/11.5.1
- canonical/asterisk digiumphones
- version/asterisk digiumphones/10.0.0
- version/asterisk digiumphones/10.0.0-rc1
- version/asterisk digiumphones/10.0.0-rc2
- version/asterisk digiumphones/10.11.0
- version/asterisk digiumphones/10.11.0-rc1
- version/asterisk digiumphones/10.11.0-rc2
- version/asterisk digiumphones/10.11.0-rc3
- version/asterisk digiumphones/10.12.0
- version/asterisk digiumphones/10.12.0-rc1
- version/asterisk digiumphones/10.12.0-rc2
- version/asterisk digiumphones/10.12.1
- version/asterisk digiumphones/10.12.2
- canonical/digium asterisk appliance developer kit
- version/digium asterisk appliance developer kit/1.8.15
- version/digium asterisk appliance developer kit/1.8.15-cert1
- version/digium asterisk appliance developer kit/1.8.15-cert1-rc1
- version/digium asterisk appliance developer kit/1.8.15-cert1-rc2
- version/digium asterisk appliance developer kit/1.8.15-cert1-rc3
- version/digium asterisk appliance developer kit/1.8.15-cert2
- version/digium asterisk appliance developer kit/1.8.15-rc1
- version/digium asterisk appliance developer kit/11.2.0
- version/digium asterisk appliance developer kit/11.2.0-cert1
- version/digium asterisk appliance developer kit/11.2.0-rc1
- version/digium asterisk appliance developer kit/11.2.0-rc2