Asterisk SUBSCRIBE Request Buffer Overflow Vulnerability (Mar 2, 2018)

Asterisk is a software implementation of a telephone private branch exchange (PBX). It allows telephones interfaced with a variety of hardware technologies to make calls to one another, and to connect to telephony services, such as the public switched telephone network (PSTN) and voice over Internet Protocol (VoIP) services.

A memory corruption vulnerability has been reported on Asterisk. Due to improper handling of the SUBSCRIPBE request in the Session Initiation Protocol (SIP) implementation, a buffer overflow vulnerability can be triggered inside the service process memory space, An attacker could send a certain crafted SUBSCRIBE request, and cause Denial-of-Service or even remote code execution on the target server with the privilege of the service process.

SIP is a request-response based application layer protocol. The memory corruption vulnerability is triggered when the Asterisk SIP service parsing the SUBSCRIBE request’s header. During this process, a sequence of C functions will be called:

Read More…