We reported three issues to Digium, two of which actually affect PJSIP and one of which affects chan_skinny. We’re happy to say that they have now been fixed, at least in the latest versions of Asterisk.
The vulnerabilities affecting PJSIP will affect Asterisk users who use chan_pjsip instead of the legacy chan_sip. They will also, of course, affect those who use PJSIP in other products. These security issues appear to be major vulnerabilities, and at least one of them looks very exploitable (i.e. leading to remote code execution). In both cases, they will definitely lead to a crash, i.e. Denial of Service. For the technical details, check out the advisories that we just released:
- Heap overflow in CSEQ header parsing affects Asterisk chan_pjsip and PJSIP
- Out of bound memory access in PJSIP multipart parser crashes Asterisk
*** This is a Security Bloggers Network syndicated blog from SIPVicious authored by Sandro Gauci. Read the original post at: http://feedproxy.google.com/~r/Sipvicious/~3/AdXGjSDF6WQ/fuzzing-pjsip-and-chansccp.html