Vulnerability Name:

CVE-2013-5641 (CCN-86673)

Assigned:2013-08-27
Published:2013-08-27
Updated:2013-09-12
Summary:The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before 11.2-cert2 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and daemon crash) via an ACK with SDP to a previously terminated channel.
Note: some of these details are obtained from third party information.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: BUGTRAQ
Type: UNKNOWN
20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

Source: MITRE
Type: CNA
CVE-2013-5641

Source: CCN
Type: AST-2013-004
Remote Crash From Late Arriving SIP ACK With SDP

Source: CONFIRM
Type: Patch
http://downloads.asterisk.org/pub/security/AST-2013-004.html

Source: OSVDB
Type: UNKNOWN
96691

Source: BUGTRAQ
Type: Patch
20130827 AST-2013-004: Remote Crash From Late Arriving SIP ACK With SDP

Source: CCN
Type: SA54534
Asterisk Products SIP Channel Driver Two Denial of Service Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
54534

Source: SECUNIA
Type: UNKNOWN
54617

Source: DEBIAN
Type: UNKNOWN
DSA-2749

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2013:223

Source: CCN
Type: OSVDB ID: 96691
Asterisk Post Channel Termination ACK Handling Remote DoS

Source: BID
Type: UNKNOWN
62021

Source: CCN
Type: BID-62021
Multiple Asterisk Products SIP ACK With SDP Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1028956

Source: XF
Type: UNKNOWN
asterisk-cve20135641-dos(86673)

Source: CONFIRM
Type: Vendor Advisory
https://issues.asterisk.org/jira/browse/ASTERISK-21064

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2013-5641

Vulnerable Configuration:Configuration 1:
  • cpe:/a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.6.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:1.8.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:digium:asterisk:10.4.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:18540
    P
    		DSA-2749-1 asterisk - several
    2014-06-23
    oval:com.ubuntu.precise:def:20135641000
    V
    		CVE-2013-5641 on Ubuntu 12.04 LTS (precise) - medium.
    2013-09-09
    oval:com.ubuntu.xenial:def:201356410000000
    V
    		CVE-2013-5641 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-09-09
    oval:com.ubuntu.trusty:def:20135641000
    V
    		CVE-2013-5641 on Ubuntu 14.04 LTS (trusty) - medium.
    2013-09-09
    oval:com.ubuntu.xenial:def:20135641000
    V
    		CVE-2013-5641 on Ubuntu 16.04 LTS (xenial) - medium.
    2013-09-09
    BACK
    digium asterisk 1.8.17.0
    digium asterisk 1.8.17.0 rc1
    digium asterisk 1.8.17.0 rc2
    digium asterisk 1.8.17.0 rc3
    digium asterisk 1.8.18.0
    digium asterisk 1.8.18.0 rc1
    digium asterisk 1.8.18.1
    digium asterisk 1.8.19.0
    digium asterisk 1.8.19.0 rc1
    digium asterisk 1.8.19.0 rc3
    digium asterisk 1.8.19.1
    digium asterisk 1.8.20.0
    digium asterisk 1.8.20.0 rc1
    digium asterisk 1.8.20.0 rc2
    digium asterisk 1.8.21.0 rc1
    digium asterisk 1.8.21.0 rc2
    digium asterisk 1.8.22.0
    digium asterisk 1.8.22.0 rc1
    digium asterisk 1.8.22.0 rc2
    digium asterisk 1.8.23.0
    digium asterisk 1.8.23.0 rc1
    digium asterisk 1.8.23.0 rc2
    digium asterisk 11.0.0
    digium asterisk 11.0.0 beta1
    digium asterisk 11.0.0 beta2
    digium asterisk 11.0.0 rc1
    digium asterisk 11.0.0 rc2
    digium asterisk 11.0.1
    digium asterisk 11.0.2
    digium asterisk 11.1.0
    digium asterisk 11.1.0 rc1
    digium asterisk 11.1.0 rc3
    digium asterisk 11.1.1
    digium asterisk 11.1.2
    digium asterisk 11.2.0 rc1
    digium asterisk 11.2.0 rc2
    digium asterisk 11.3.0 rc1
    digium asterisk 11.3.0 rc2
    digium asterisk 11.4.0
    digium asterisk 11.4.0 rc1
    digium asterisk 11.4.0 rc2
    digium asterisk 11.4.0 rc3
    digium asterisk 11.5.0
    digium asterisk 11.5.0 rc1
    digium asterisk 11.5.0 rc2
    digium asterisk 11.5.1
    digium certified asterisk 1.8.15
    digium certified asterisk 1.8.15 cert1
    digium certified asterisk 1.8.15 cert1-rc1
    digium certified asterisk 1.8.15 cert1-rc2
    digium certified asterisk 1.8.15 cert1-rc3
    digium certified asterisk 1.8.15 cert2
    digium certified asterisk 1.8.15 rc1
    digium certified asterisk 11.2.0
    digium certified asterisk 11.2.0 cert1
    digium certified asterisk 11.2.0 rc1
    digium certified asterisk 11.2.0 rc2
    digium asterisk 1.8.1.2
    digium asterisk 1.8.1.1
    digium asterisk 1.8.4 rc3
    digium asterisk 1.8.4 rc2
    digium asterisk 1.8.4 rc1
    digium asterisk 1.8.4
    digium asterisk 1.8.4.1
    digium asterisk 1.8.1 rc1
    digium asterisk 1.8.0 rc5
    digium asterisk 1.8.0 rc4
    digium asterisk 1.8.0 rc3
    digium asterisk 1.8.0 rc2
    digium asterisk 1.8.3.3
    digium asterisk 1.8.0 beta5
    digium asterisk 1.8.0 beta4
    digium asterisk 1.8.0 beta3
    digium asterisk 1.8.0 beta2
    digium asterisk 1.8.0 beta1
    digium asterisk 1.8.0
    digium asterisk 1.8.2.3
    digium asterisk 1.8.2.2
    digium asterisk 1.8.2.1
    digium asterisk 1.8.2
    digium asterisk 1.8.3
    digium asterisk 1.8.1
    digium asterisk 1.8.3 rc3
    digium asterisk 1.8.3.1
    digium asterisk 1.8.3 rc1
    digium asterisk 1.8.3 rc2
    digium asterisk 1.8.3.2
    digium asterisk 1.8.2.4
    digium asterisk 1.8.4.2
    digium asterisk 1.8.4.3
    digium asterisk 1.8.4.4
    digium asterisk 1.8.5
    digium asterisk 1.8.5 rc1
    digium asterisk 1.8.5.0
    digium asterisk 1.8.6.0
    digium asterisk 1.8.6.0 rc1
    digium asterisk 1.8.6.0 rc2
    digium asterisk 1.8.6.0 rc3
    digium asterisk 1.8.7.0
    digium asterisk 1.8.7.0 rc1
    digium asterisk 1.8.7.0 rc2
    digium asterisk 1.8.7.1
    digium asterisk 10.4.0