CVE-2019-18790

NameCVE-2019-18790
DescriptionAn issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and Certified Asterisk 13.21, because of an incomplete fix for CVE-2019-18351. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijacked as a result. The only thing that needs to be known is the peer's name; authentication details such as passwords do not need to be known. This vulnerability is only exploitable when the nat option is set to the default, or auto_force_rport.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-2017-1
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
asterisk (PTS)jessie1:11.13.1~dfsg-2+deb8u5vulnerable
jessie (security)1:11.13.1~dfsg-2+deb8u8fixed
stretch (security), stretch1:13.14.1~dfsg-2+deb9u4vulnerable
buster1:16.2.1~dfsg-1+deb10u1vulnerable
bullseye, sid1:16.2.1~dfsg-2vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
asterisksource(unstable)(unfixed)
asterisksourcejessie1:11.13.1~dfsg-2+deb8u7DLA-2017-1

Notes

[buster] - asterisk <no-dsa> (Minor issue)
[stretch] - asterisk <no-dsa> (Minor issue)
https://downloads.asterisk.org/pub/security/AST-2019-006.html
https://issues.asterisk.org/jira/browse/ASTERISK-28589

Search for package or bug name: Reporting problems