ID CVE-2018-17281
Summary There is a stack consumption vulnerability in the res_http_websocket.so module of Asterisk through 13.23.0, 14.7.x through 14.7.7, and 15.x through 15.6.0 and Certified Asterisk through 13.21-cert2. It allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket.
References
Vulnerable Configurations
  • Digium Asterisk 13.0.0 LTS
    cpe:2.3:a:digium:asterisk:13.0.0:-:-:-:lts
  • Digium Asterisk 14.0.0
    cpe:2.3:a:digium:asterisk:14.0.0
  • Digium Asterisk 14.0.0 Beta 1
    cpe:2.3:a:digium:asterisk:14.0.0:beta1
  • Digium Asterisk 14.0.0 Beta 2
    cpe:2.3:a:digium:asterisk:14.0.0:beta2
  • Digium Asterisk 14.0.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:14.0.0:rc1
  • Digium Asterisk 14.0.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:14.0.0:rc2
  • Digium Asterisk 14.0.1
    cpe:2.3:a:digium:asterisk:14.0.1
  • Digium Asterisk 14.0.2
    cpe:2.3:a:digium:asterisk:14.0.2
  • Digium Asterisk 14.01
    cpe:2.3:a:digium:asterisk:14.01
  • Digium Asterisk 14.1.0
    cpe:2.3:a:digium:asterisk:14.1.0
  • Digium Asterisk 14.1.1
    cpe:2.3:a:digium:asterisk:14.1.1
  • Digium Asterisk 14.1.2
    cpe:2.3:a:digium:asterisk:14.1.2
  • Digium Asterisk 14.02
    cpe:2.3:a:digium:asterisk:14.02
  • Digium Asterisk 14.2.0
    cpe:2.3:a:digium:asterisk:14.2.0
  • Digium Asterisk 14.2.1
    cpe:2.3:a:digium:asterisk:14.2.1
  • Digium Asterisk 14.3.0
    cpe:2.3:a:digium:asterisk:14.3.0
  • Digium Asterisk 14.3.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:14.3.0:rc1
  • Digium Asterisk 14.3.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:14.3.0:rc2
  • Digium Asterisk 14.3.1
    cpe:2.3:a:digium:asterisk:14.3.1
  • Digium Asterisk 14.4.0
    cpe:2.3:a:digium:asterisk:14.4.0
  • Digium Asterisk 14.4.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:14.4.0:rc1
  • Digium Asterisk 14.4.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:14.4.0:rc2
  • Digium Asterisk 14.4.0 Release Candidate 3
    cpe:2.3:a:digium:asterisk:14.4.0:rc3
  • Digium Asterisk 14.4.1
    cpe:2.3:a:digium:asterisk:14.4.1
  • Digium Asterisk 14.5.0
    cpe:2.3:a:digium:asterisk:14.5.0
  • Digium Asterisk 14.5.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:14.5.0:rc1
  • Digium Asterisk 14.5.0 Release Candidate 2
    cpe:2.3:a:digium:asterisk:14.5.0:rc2
  • Digium Asterisk 14.6.0
    cpe:2.3:a:digium:asterisk:14.6.0
  • Digium Asterisk 14.6.0 Release Candidate 1
    cpe:2.3:a:digium:asterisk:14.6.0:rc1
  • Digium Certified Asterisk 11.6 Cert12 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert12:-:-:lts
  • Digium Certified Asterisk 11.6 Cert13 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert13:-:-:lts
  • Digium Certified Asterisk 11.6 Cert14 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert14:-:-:lts
  • Digium Certified Asterisk 11.6 Cert15 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert15:-:-:lts
  • Digium Certified Asterisk 11.6 Cert16 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert16:-:-:lts
  • Digium Certified Asterisk 11.6 Cert17 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert17:-:-:lts
  • Digium Certified Asterisk 11.6 Cert18 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:11.6:cert18:-:-:lts
  • Digium Certified Asterisk 13.1 Cert3 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert3:-:-:lts
  • Digium Certified Asterisk 13.1 Cert4 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert4:-:-:lts
  • Digium Certified Asterisk 13.1 Cert5 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert5:-:-:lts
  • Digium Certified Asterisk 13.1 Cert6 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert6:-:-:lts
  • Digium Certified Asterisk 13.1 Cert7 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert7:-:-:lts
  • Digium Certified Asterisk 13.1 Cert8 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.1:cert8:-:-:lts
  • Digium Certified Asterisk 13.8 Cert1 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.8:cert1:-:-:lts
  • Digium Certified Asterisk 13.8 Cert2 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.8:cert2:-:-:lts
  • Digium Certified Asterisk 13.8 Cert3 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.8:cert3:-:-:lts
  • Digium Certified Asterisk 13.8 Cert4 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.8:cert4:-:-:lts
  • Digium Certified Asterisk 13.13 Cert1 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert1:-:-:lts
  • Digium Certified Asterisk 13.13 Cert2 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert2:-:-:lts
  • Digium Certified Asterisk 13.13 Cert3 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert3:-:-:lts
  • Digium Certified Asterisk 13.13 Cert4 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert4:-:-:lts
  • Digium Certified Asterisk 13.13 Cert5 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert5:-:-:lts
  • Digium Certified Asterisk 13.13 Cert6 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert6:-:-:lts
  • Digium Certified Asterisk 13.13 Cert7 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert7:-:-:lts
  • Digium Certified Asterisk 13.13 Cert8 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert8:-:-:lts
  • Digium Certified Asterisk 13.13 Cert9 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.13:cert9:-:-:lts
  • Digium Certified Asterisk 13.21 Cert1 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.21:cert1:-:-:lts
  • Digium Certified Asterisk 13.21 Cert2 Long Term Support
    cpe:2.3:a:digium:certified_asterisk:13.21:cert2:-:-:lts
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
CVSS
Base: 5.0
Impact:
Exploitability:
CWE CWE-399
CAPEC
nessus via4
  • NASL family Misc.
    NASL id ASTERISK_AST_2018_009.NASL
    description According to its SIP banner, the version of Asterisk running on the remote host is 13.x prior to 13.23.1, 14.x prior to 14.7.8, 15.x prior to 15.6.1, or 13.21 prior to 13.21-cert3. It is therefore affected by an error related to the res_http_websocket.so module that allows a stack overflow error as described in AST-2018-009. This error can allow denial of service attacks. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-12-07
    plugin id 117808
    published 2018-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117808
    title Asterisk 13.x < 13.23.1 / 14.x < 14.7.8 / 15.x < 15.6.1 / 13.21 < 13.21-cert3 HTTP Websocket Stack Overflow (AST-2018-009)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4320.NASL
    description Multiple vulnerabilities have been discovered in Asterisk, an open source PBX and telephony toolkit, which may result in denial of service or information disclosure.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118158
    published 2018-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118158
    title Debian DSA-4320-1 : asterisk - security update
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1523.NASL
    description Sean Bright discovered that Asterisk, a PBX and telephony toolkit, contained a stack overflow vulnerability in the res_http_websocket.so module that allowed remote attackers to crash Asterisk via specially crafted HTTP requests to upgrade the connection to a websocket. For Debian 8 'Jessie', this problem has been fixed in version 1:11.13.1~dfsg-2+deb8u6. We recommend that you upgrade your asterisk packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 117810
    published 2018-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117810
    title Debian DLA-1523-1 : asterisk security update
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201811-11.NASL
    description The remote host is affected by the vulnerability described in GLSA-201811-11 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Asterisk. Please review the referenced CVE identifiers for details. Impact : A remote attacker could cause a Denial of Service condition or conduct information gathering. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 119131
    published 2018-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119131
    title GLSA-201811-11 : Asterisk: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_77F67B46BD7511E881B6001999F8D30B.NASL
    description The Asterisk project reports : There is a stack overflow vulnerability in the res_http_websocket.so module of Asterisk that allows an attacker to crash Asterisk via a specially crafted HTTP request to upgrade the connection to a websocket. The attacker's request causes Asterisk to run out of stack space and crash. As a workaround, disable HTTP websocket access by not loading the res_http_websocket.so module.
    last seen 2019-02-21
    modified 2018-12-21
    plugin id 117651
    published 2018-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117651
    title FreeBSD : asterisk -- Remote crash vulnerability in HTTP websocket upgrade (77f67b46-bd75-11e8-81b6-001999f8d30b)
refmap via4
bid 105389
bugtraq 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
confirm
debian DSA-4320
fulldisc 20180920 AST-2018-009: Remote crash vulnerability in HTTP websocket upgrade
gentoo GLSA-201811-11
misc http://packetstormsecurity.com/files/149453/Asterisk-Project-Security-Advisory-AST-2018-009.html
mlist [debian-lts-announce] 20180927 [SECURITY] [DLA 1523-1] asterisk security update
sectrack 1041694
Last major update 24-09-2018 - 18:29
Published 24-09-2018 - 18:29
Last modified 20-12-2018 - 09:16