Vulnerability CVE-2013-7100 - CERT Civis.Net

Vulnerability Name:

CVE-2013-7100 (CCN-89825)

Assigned:

2013-12-16

Published:

2013-12-16

Updated:

2017-08-29

Summary:

Buffer overflow in the unpacksms16 function in apps/app_sms.c in Asterisk Open Source 1.8.x before 1.8.24.1, 10.x before 10.12.4, and 11.x before 11.6.1; Asterisk with Digiumphones 10.x-digiumphones before 10.12.4-digiumphones; and Certified Asterisk 1.8.x before 1.8.15-cert4 and 11.x before 11.2-cert3 allows remote attackers to cause a denial of service (daemon crash) via a 16-bit SMS message with an odd number of bytes, which triggers an infinite loop.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: BUGTRAQ
Type: UNKNOWN
20131216 AST-2013-006: Buffer Overflow when receiving odd length 16 bit SMS message

Source: MITRE
Type: CNA
CVE-2013-7100

Source: CCN
Type: AST-2013-006
Buffer Overflow when receiving odd length 16 bit SMS message

Source: CONFIRM
Type: Patch, Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2013-006.html

Source: OSVDB
Type: UNKNOWN
101100

Source: CCN
Type: SA55907
Asterisk Security Bypass and Memory Corruption Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
56294

Source: DEBIAN
Type: UNKNOWN
DSA-2835

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2013:300

Source: CCN
Type: OSVDB ID: 101100
Asterisk Crafted 16 bit SMS Message Handling Remote Overflow DoS

Source: BID
Type: UNKNOWN
64364

Source: CCN
Type: BID-64364
Multiple Asterisk Products 'unpacksms16()' Function Buffer Overflow Denial of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1029499

Source: XF
Type: UNKNOWN
asterisk-sms-message-dos(89825)

Source: XF
Type: UNKNOWN
asterisk-sms-message-dos(89825)

Source: CONFIRM
Type: Exploit, Patch
https://issues.asterisk.org/jira/browse/ASTERISK-22590

Vulnerable Configuration:

Configuration 1:

cpe:/a:digium:asterisk:1.8.17.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.17.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.17.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.17.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.18.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.18.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.18.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.19.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.19.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.19.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.19.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.20.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.20.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.20.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.21.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.21.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.22.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.22.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.22.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.23.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.23.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.8.23.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.10.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.10.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.10.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.11.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.11.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.11.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.11.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.12.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.12.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.12.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.12.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.12.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.1.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.1.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.1.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.1.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.1.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.2.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.3.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.3.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.4.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.4.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.4.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.4.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.5.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.5.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.5.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.5.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.0.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.0.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.11.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.11.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.11.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.11.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.12.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.12.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.12.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.12.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk_digiumphones:10.12.2:*:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:*:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:cert1:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc1:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc2:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:cert1-rc3:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:cert2:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:1.8.15:rc1:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:11.2.0:*:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:11.2.0:cert1:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:11.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:certified_asterisk:11.2.0:rc2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:digium:asterisk:1.8.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:11.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:20939	P	DSA-2835-1 asterisk - buffer overflow	2014-06-23
oval:com.ubuntu.precise:def:20137100000	V	CVE-2013-7100 on Ubuntu 12.04 LTS (precise) - medium.	2013-12-19
oval:com.ubuntu.xenial:def:201371000000000	V	CVE-2013-7100 on Ubuntu 16.04 LTS (xenial) - medium.	2013-12-19
oval:com.ubuntu.trusty:def:20137100000	V	CVE-2013-7100 on Ubuntu 14.04 LTS (trusty) - medium.	2013-12-19
oval:com.ubuntu.xenial:def:20137100000	V	CVE-2013-7100 on Ubuntu 16.04 LTS (xenial) - medium.	2013-12-19