ID CVE-2014-9374
Summary Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 before 11.6-cert9 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame.
References
Vulnerable Configurations
  • Digium Certified Asterisk 11.6 cert 1 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert1:-:-:lts
  • Digium Certified Asterisk 11.6 cert 2 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert2:-:-:lts
  • Digium Certified Asterisk 11.6 cert 3 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert3:-:-:lts
  • Digium Certified Asterisk 11.6 cert 4 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert4:-:-:lts
  • Digium Certified Asterisk 11.6 cert 5 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert5:-:-:lts
  • Digium Certified Asterisk 11.6 cert 6 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert6:-:-:lts
  • Digium Certified Asterisk 11.6 cert 7 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert7:-:-:lts
  • Digium Certified Asterisk 11.6 cert8 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6:cert8:-:-:lts
  • Digium Certified Asterisk 11.6.0 LTS
    cpe:2.3:a:digium:certified_asterisk:11.6.0:-:-:-:lts
  • Digium Asterisk 11.0.0
    cpe:2.3:a:digium:asterisk:11.0.0
  • Digium Asterisk 11.0.0 beta1
    cpe:2.3:a:digium:asterisk:11.0.0:beta1
  • Digium Asterisk 11.0.0 beta2
    cpe:2.3:a:digium:asterisk:11.0.0:beta2
  • Digium Asterisk 11.0.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.0.0:rc1
  • Digium Asterisk 11.0.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.0.0:rc2
  • Digium Asterisk 11.1.0
    cpe:2.3:a:digium:asterisk:11.1.0
  • Digium Asterisk 11.1.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.1.0:rc1
  • Digium Asterisk 11.1.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.1.0:rc2
  • Digium Asterisk 11.1.0 release candidate 3
    cpe:2.3:a:digium:asterisk:11.1.0:rc3
  • cpe:2.3:a:digium:asterisk:11.2.0
    cpe:2.3:a:digium:asterisk:11.2.0
  • Digium Asterisk 11.2.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.2.0:rc1
  • cpe:2.3:a:digium:asterisk:11.2.0:rc2
    cpe:2.3:a:digium:asterisk:11.2.0:rc2
  • cpe:2.3:a:digium:asterisk:11.3.0:rc1
    cpe:2.3:a:digium:asterisk:11.3.0:rc1
  • cpe:2.3:a:digium:asterisk:11.3.0:rc2
    cpe:2.3:a:digium:asterisk:11.3.0:rc2
  • cpe:2.3:a:digium:asterisk:11.4.0
    cpe:2.3:a:digium:asterisk:11.4.0
  • cpe:2.3:a:digium:asterisk:11.4.0:rc1
    cpe:2.3:a:digium:asterisk:11.4.0:rc1
  • cpe:2.3:a:digium:asterisk:11.4.0:rc2
    cpe:2.3:a:digium:asterisk:11.4.0:rc2
  • cpe:2.3:a:digium:asterisk:11.4.0:rc3
    cpe:2.3:a:digium:asterisk:11.4.0:rc3
  • Digium Asterisk 11.4.0 release candidate 4
    cpe:2.3:a:digium:asterisk:11.4.0:rc4
  • cpe:2.3:a:digium:asterisk:11.5.0
    cpe:2.3:a:digium:asterisk:11.5.0
  • cpe:2.3:a:digium:asterisk:11.5.0:rc1
    cpe:2.3:a:digium:asterisk:11.5.0:rc1
  • cpe:2.3:a:digium:asterisk:11.5.0:rc2
    cpe:2.3:a:digium:asterisk:11.5.0:rc2
  • Digium Asterisk 11.6.0
    cpe:2.3:a:digium:asterisk:11.6.0
  • Digium Asterisk 11.6.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.6.0:rc1
  • Digium Asterisk 11.6.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.6.0:rc2
  • Digium Asterisk 11.7.0
    cpe:2.3:a:digium:asterisk:11.7.0
  • Digium Asterisk 11.7.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.7.0:rc1
  • Digium Asterisk 11.7.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.7.0:rc2
  • Digium Asterisk 11.8.0
    cpe:2.3:a:digium:asterisk:11.8.0
  • Digium Asterisk 11.8.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.8.0:rc1
  • Digium Asterisk 11.8.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.8.0:rc2
  • Digium Asterisk 11.8.0 release candidate 3
    cpe:2.3:a:digium:asterisk:11.8.0:rc3
  • Digium Asterisk 11.9.0
    cpe:2.3:a:digium:asterisk:11.9.0
  • Digium Asterisk 11.9.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.9.0:rc1
  • Digium Asterisk 11.9.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.9.0:rc2
  • Digium Asterisk 11.9.0 release candidate 3
    cpe:2.3:a:digium:asterisk:11.9.0:rc3
  • Digium Asterisk 11.10.0
    cpe:2.3:a:digium:asterisk:11.10.0
  • Digium Asterisk 11.10.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.10.0:rc1
  • Digium Asterisk 11.11.0
    cpe:2.3:a:digium:asterisk:11.11.0
  • Digium Asterisk 11.11.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.11.0:rc1
  • Digium Asterisk 11.12.0
    cpe:2.3:a:digium:asterisk:11.12.0
  • Digium Asterisk 11.12.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.12.0:rc1
  • Digium Asterisk 11.13.0
    cpe:2.3:a:digium:asterisk:11.13.0
  • Digium Asterisk 11.13.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.13.0:rc1
  • cpe:2.3:a:digium:asterisk:11.14.0
    cpe:2.3:a:digium:asterisk:11.14.0
  • Digium Asterisk 11.14.0 release candidate 1
    cpe:2.3:a:digium:asterisk:11.14.0:rc1
  • Digium Asterisk 11.14.0 release candidate 2
    cpe:2.3:a:digium:asterisk:11.14.0:rc2
  • Digium Asterisk 12.0.0
    cpe:2.3:a:digium:asterisk:12.0.0
  • Digium Asterisk 12.1.0
    cpe:2.3:a:digium:asterisk:12.1.0
  • Digium Asterisk 12.1.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.1.0:rc1
  • Digium Asterisk 12.1.0 release candidate 2
    cpe:2.3:a:digium:asterisk:12.1.0:rc2
  • Digium Asterisk 12.1.0 release candidate 3
    cpe:2.3:a:digium:asterisk:12.1.0:rc3
  • Digium Asterisk 12.2.0
    cpe:2.3:a:digium:asterisk:12.2.0
  • Digium Asterisk 12.2.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.2.0:rc1
  • Digium Asterisk 12.2.0 release candidate 2
    cpe:2.3:a:digium:asterisk:12.2.0:rc2
  • Digium Asterisk 12.2.0 release candidate 3
    cpe:2.3:a:digium:asterisk:12.2.0:rc3
  • Digium Asterisk 12.3.0
    cpe:2.3:a:digium:asterisk:12.3.0
  • Digium Asterisk 12.3.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.3.0:rc1
  • Digium Asterisk 12.3.0 release candidate 2
    cpe:2.3:a:digium:asterisk:12.3.0:rc2
  • Digium Asterisk 12.4.0
    cpe:2.3:a:digium:asterisk:12.4.0
  • Digium Asterisk 12.4.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.4.0:rc1
  • Digium Asterisk 12.5.0
    cpe:2.3:a:digium:asterisk:12.5.0
  • Digium Asterisk 12.5.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.5.0:rc1
  • Digium Asterisk 12.6.0
    cpe:2.3:a:digium:asterisk:12.6.0
  • Digium Asterisk 12.6.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.6.0:rc1
  • cpe:2.3:a:digium:asterisk:12.7.0
    cpe:2.3:a:digium:asterisk:12.7.0
  • Digium Asterisk 12.7.0 release candidate 1
    cpe:2.3:a:digium:asterisk:12.7.0:rc1
  • Digium Asterisk 12.7.0 release candidate 2
    cpe:2.3:a:digium:asterisk:12.7.0:rc2
  • Digium Asterisk 12.7.1
    cpe:2.3:a:digium:asterisk:12.7.1
  • cpe:2.3:a:digium:asterisk:13.0.0
    cpe:2.3:a:digium:asterisk:13.0.0
  • Digium Asterisk 13.0.1
    cpe:2.3:a:digium:asterisk:13.0.1
CVSS
Base: 5.0 (as of 12-12-2014 - 16:49)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-018.NASL
    description Updated asterisk packages fix security vulnerability : Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2 allows remote attackers to cause a denial of service (crash) by sending a zero length frame after a non-zero length frame (CVE-2014-9374).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80437
    published 2015-01-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80437
    title Mandriva Linux Security Advisory : asterisk (MDVSA-2015:018)
  • NASL family Misc.
    NASL id ASTERISK_AST_2014_019.NASL
    description According to the version in its SIP banner, the version of Asterisk running on the remote host is potentially affected by a double-free error related to the 'res_http_websocket' module and handling of zero-length payloads that could allow denial of service attacks. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 80036
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80036
    title Asterisk 'res_http_websocket' Double-Free DoS (AST-2014-019)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_94268DA0811811E4A180001999F8D30B.NASL
    description The Asterisk project reports : When handling a WebSocket frame the res_http_websocket module dynamically changes the size of the memory used to allow the provided payload to fit. If a payload length of zero was received the code would incorrectly attempt to resize to zero. This operation would succeed and end up freeing the memory but be treated as a failure. When the session was subsequently torn down this memory would get freed yet again causing a crash. Users of the WebSocket functionality also did not take into account that provided text frames are not guaranteed to be NULL terminated. This has been fixed in chan_sip and chan_pjsip in the applicable versions.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79956
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79956
    title FreeBSD : asterisk -- Remote Crash Vulnerability in WebSocket Server (94268da0-8118-11e4-a180-001999f8d30b)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-51.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-51 (Asterisk: Multiple vulnerabilities) Multiple unspecified vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact : Unauthenticated remote attackers can cause Denial of Service or bypass intended ACL restrictions. Authenticated remote attackers can gain escalated privileges. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 80272
    published 2014-12-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80272
    title GLSA-201412-51 : Asterisk: Multiple vulnerabilities
refmap via4
bid 71607
bugtraq 20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server
confirm
fulldisc 20141210 AST-2014-019: Remote Crash Vulnerability in WebSocket Server
mandriva MDVSA-2015:018
misc http://packetstormsecurity.com/files/129473/Asterisk-Project-Security-Advisory-AST-2014-019.html
sectrack 1031345
secunia 60251
Last major update 25-03-2015 - 22:00
Published 12-12-2014 - 10:59
Last modified 09-10-2018 - 15:55
Back to Top