Vigil@nce - Asterisk: denial of service via SRTP

February 2012 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

When the res_srtp module is loaded, an attacker can negotiate an encrypted video stream in order to stop Asterisk.

Severity: 2/4

Creation date: 20/01/2012

IMPACTED PRODUCTS

- Asterisk Open Source

DESCRIPTION OF THE VULNERABILITY

SRTP (Secure Real-time Transport Protocol) adds authentication and encryption features to RTP. The Asterisk res_srtp module implements SRTP.

RFC 4568 defines security attributes for SDP (Session Description Protocol). The "crypto:" attribute indicates the algorithms and keys. The process_crypto() function in the channels/chan_sip.c file decodes this attribute.

However, if there is no RTP session for the requested media type (video, for example), processing the "crypto:" attribute dereferences a NULL pointer in process_crypto().

When the res_srtp module is loaded, an attacker can therefore negotiate an encrypted video stream in order to stop Asterisk.
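The bug class described above, shown as an added example that is not Asterisk's code or its patch: a handler that applies an RFC 4568 "crypto:" attribute to a per-media RTP session, first without and then with a check that the session exists. The struct, the function names and the sample key are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SUITE_MAX 32

/* Hypothetical, simplified session type; not Asterisk's real structure. */
struct rtp_session { int srtp_enabled; char suite[SUITE_MAX]; };

/* RFC 4568 attribute value: "<tag> <crypto-suite> <key-params> [session-params]".
 * Copies the crypto-suite into out. Returns 0 on success, -1 if the value is
 * malformed or the suite name does not fit. */
static int parse_suite(const char *attr, char *out, size_t outlen)
{
    const char *p = strchr(attr, ' ');
    if (p == NULL) return -1;              /* no suite after the tag */
    p++;
    size_t n = strcspn(p, " ");
    if (n == 0 || n >= outlen || p[n] != ' ') return -1; /* key-params required */
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* Unsafe shape: assumes a session exists for the media type.
 * With rtp == NULL (no video session) the first store crashes the process. */
int apply_crypto_unchecked(struct rtp_session *rtp, const char *attr)
{
    rtp->srtp_enabled = 1;
    return parse_suite(attr, rtp->suite, sizeof rtp->suite);
}

/* Hardened shape: refuse the attribute when there is no session, and only
 * modify the session once the attribute has parsed cleanly. */
int apply_crypto_checked(struct rtp_session *rtp, const char *attr)
{
    char suite[SUITE_MAX] = {0};
    if (rtp == NULL || attr == NULL) return -1;
    if (parse_suite(attr, suite, sizeof suite) != 0) return -1;
    memcpy(rtp->suite, suite, sizeof suite);
    rtp->srtp_enabled = 1;
    return 0;
}

int main(void)
{
    struct rtp_session audio = {0};
    struct rtp_session *video = NULL;      /* no video session for this call */
    const char *attr = "1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTEDKEY";
    /* Audio is accepted, video is rejected instead of being dereferenced. */
    return !(apply_crypto_checked(&audio, attr) == 0 &&
             apply_crypto_checked(video, attr) == -1);
}
```

A rejected attribute should lead the caller to decline that media stream rather than continue with a half-configured session.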

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/A...

