[Pkg-voip-commits] r9073 - in /asterisk/branches/squeeze/debian: changelog patches/AST-2011-011 patches/series
tzafrir at alioth.debian.org
Fri Jul 1 13:18:13 UTC 2011
Author: tzafrir
Date: Fri Jul 1 13:18:13 2011
New Revision: 9073
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=9073
Log:
AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
(closes: #632029)
Added:
asterisk/branches/squeeze/debian/patches/AST-2011-011
Modified:
asterisk/branches/squeeze/debian/changelog
asterisk/branches/squeeze/debian/patches/series
Modified: asterisk/branches/squeeze/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/changelog?rev=9073&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/changelog (original)
+++ asterisk/branches/squeeze/debian/changelog Fri Jul 1 13:18:13 2011
@@ -4,8 +4,10 @@
(Closes: 631446).
* Patch AST-2011-010 (CVE-2011-2535): crash due to dereferencing a remote
pointer (closes: #631448).
-
- -- Tzafrir Cohen <tzafrir at debian.org> Fri, 24 Jun 2011 18:53:22 +0300
+ * AST-2011-011 (CVE-2011-2536): Don't leak SIP username information
+ (closes: #632029)
+
+ -- Tzafrir Cohen <tzafrir at debian.org> Fri, 01 Jul 2011 14:57:12 +0300
asterisk (1:1.6.2.9-2+squeeze2) stable-security; urgency=high
Added: asterisk/branches/squeeze/debian/patches/AST-2011-011
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/AST-2011-011?rev=9073&op=file
==============================================================================
--- asterisk/branches/squeeze/debian/patches/AST-2011-011 (added)
+++ asterisk/branches/squeeze/debian/patches/AST-2011-011 Fri Jul 1 13:18:13 2011
@@ -1,0 +1,68 @@
+From b06d1f57ba6bd29e29a659d428ec378330d76665 Mon Sep 17 00:00:00 2001
+From: Terry Wilson <twilson at digium.com>
+Date: Tue, 28 Jun 2011 20:06:16 +0000
+Subject: [PATCH] Merged revisions 325275 via svnmerge from
+ https://origsvn.digium.com/svn/asterisk/branches/1.4
+
+........
+ r325275 | twilson | 2011-06-28 15:03:19 -0500 (Tue, 28 Jun 2011) | 2 lines
+
+ Don't leak SIP username information
+........
+
+
+Origin: http://svnview.digium.com/svn/asterisk?view=rev&rev=325277
+---
+ channels/chan_sip.c | 17 ++++++-----------
+ 1 files changed, 6 insertions(+), 11 deletions(-)
+
+--- a/channels/chan_sip.c
++++ b/channels/chan_sip.c
+@@ -13004,9 +13004,9 @@ static void transmit_fake_auth_response(
+ {
+ /* We have to emulate EXACTLY what we'd get with a good peer
+ * and a bad password, or else we leak information. */
+- const char *response = "407 Proxy Authentication Required";
+- const char *reqheader = "Proxy-Authorization";
+- const char *respheader = "Proxy-Authenticate";
++ const char *response = "401 Unauthorized";
++ const char *reqheader = "Authorization";
++ const char *respheader = "WWW-Authenticate";
+ const char *authtoken;
+ struct ast_str *buf;
+ char *c;
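Review bot: dropping the 407/Proxy-Authenticate defaults for a single 401/WWW-Authenticate fake response only closes the leak if the real path (a known peer presenting a bad password) answers INVITE and the other non-REGISTER/SUBSCRIBE methods with 401 as well; that real path is outside this hunk, so the patch header should name the function that issues the genuine challenge so a reviewer can confirm the status line and header now match for every method, not just for REGISTER and SUBSCRIBE, before the conditional below is removed.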
+@@ -13021,23 +13021,18 @@ static void transmit_fake_auth_response(
+ [K_LAST] = { NULL, NULL}
+ };
+
+- if (sipmethod == SIP_REGISTER || sipmethod == SIP_SUBSCRIBE) {
+- response = "401 Unauthorized";
+- reqheader = "Authorization";
+- respheader = "WWW-Authenticate";
+- }
+ authtoken = get_header(req, reqheader);
+ if (req->ignore && !ast_strlen_zero(p->randdata) && ast_strlen_zero(authtoken)) {
+ /* This is a retransmitted invite/register/etc, don't reconstruct authentication
+ * information */
+- transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
++ transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
+ /* Schedule auto destroy in 32 seconds (according to RFC 3261) */
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ return;
+ } else if (ast_strlen_zero(p->randdata) || ast_strlen_zero(authtoken)) {
+ /* We have no auth, so issue challenge and request authentication */
+ set_nonce_randdata(p, 1);
+- transmit_response_with_auth(p, response, req, p->randdata, 0, respheader, 0);
++ transmit_response_with_auth(p, response, req, p->randdata, reliable, respheader, 0);
+ /* Schedule auto destroy in 32 seconds */
+ sip_scheddestroy(p, DEFAULT_TRANS_TIMEOUT);
+ return;
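Review bot: the change from a hard-coded 0 to `reliable` in both transmit_response_with_auth calls is a second, independent fix that neither the commit message nor the patch header mentions; it matters because a challenge sent with reliable set goes through Asterisk's retransmission handling while one sent with 0 does not, so the retransmission pattern alone would still distinguish a fake challenge from a real one. Document it in the header, and since the hunk context truncates the signature at `transmit_fake_auth_response(`, confirm that `reliable` is a parameter of this function in the 1.6.2 branch rather than some other variable in scope, because this was merged from 1.4 (r325275) and the signatures may differ.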
+@@ -13296,7 +13291,7 @@ static enum check_auth_result register_v
+ }
+ }
+ }
+- if (!peer && sip_cfg.alwaysauthreject) {
++ if (!peer && sip_cfg.alwaysauthreject && ast_test_flag(&p->flags[1], SIP_PAGE2_REGISTERTRYING)) {
+ /* If we found a peer, we transmit a 100 Trying. Therefore, if we're
+ * trying to avoid leaking information, we MUST also transmit the same
+ * response when we DON'T find a peer. */
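Review bot: the comment directly under the new condition still reads "If we found a peer, we transmit a 100 Trying", but after this change the fake 100 Trying is only sent when SIP_PAGE2_REGISTERTRYING is set; update the comment to say that a found peer gets a 100 Trying only when registertrying is enabled, so the unknown-peer path must mirror it only under the same setting, otherwise the flag test reads as an unexplained restriction to the next person touching register_verify.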
Modified: asterisk/branches/squeeze/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/squeeze/debian/patches/series?rev=9073&op=diff
==============================================================================
--- asterisk/branches/squeeze/debian/patches/series (original)
+++ asterisk/branches/squeeze/debian/patches/series Fri Jul 1 13:18:13 2011
@@ -36,3 +36,4 @@
AST-2011-006
AST-2011-008
AST-2011-010
+AST-2011-011
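An added check for the kind of leak this commit addresses (example code, not part of the Debian package or the Asterisk patch): given the responses a SIP server returned to the same request for a known account and for an unknown one, it reports every difference an attacker could use as a username oracle, ignoring the nonce, which legitimately differs per challenge. The sample exchanges are constructed, not captured traffic; they model the two differences the hunks above remove (a 407/Proxy-Authenticate fake challenge against a real 401/WWW-Authenticate, and a 100 Trying sent on only one side). Header and function names are the author's own choices.

```python
import re

# Constructed sample exchanges, not captured traffic. Each list holds, in
# order, the raw responses that one SIP request elicited.
KNOWN_USER_INVITE = [
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-1\r\n"
    'WWW-Authenticate: Digest realm="asterisk", nonce="0a1b2c3d", algorithm=MD5\r\n'
    "Content-Length: 0\r\n\r\n",
]
UNKNOWN_USER_INVITE_BEFORE_FIX = [
    "SIP/2.0 407 Proxy Authentication Required\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-2\r\n"
    'Proxy-Authenticate: Digest realm="asterisk", nonce="4e5f6a7b", algorithm=MD5\r\n'
    "Content-Length: 0\r\n\r\n",
]
UNKNOWN_USER_INVITE_AFTER_FIX = [
    "SIP/2.0 401 Unauthorized\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-3\r\n"
    'WWW-Authenticate: Digest realm="asterisk", nonce="8c9d0e1f", algorithm=MD5\r\n'
    "Content-Length: 0\r\n\r\n",
]
KNOWN_USER_REGISTER = [UNKNOWN_USER_INVITE_AFTER_FIX[0]]
UNKNOWN_USER_REGISTER_BEFORE_FIX = [
    "SIP/2.0 100 Trying\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK-4\r\n"
    "Content-Length: 0\r\n\r\n",
    KNOWN_USER_INVITE[0],
]

CHALLENGE_HEADERS = ("www-authenticate", "proxy-authenticate")


def parse_sip_response(raw):
    """Parse a SIP response into its status code, reason phrase and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *header_lines = head.split("\r\n")
    m = re.match(r"SIP/2\.0 (\d{3}) (.+)$", status)
    if not m:
        raise ValueError(f"not a SIP status line: {status!r}")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"code": int(m.group(1)), "reason": m.group(2), "headers": headers}


def challenge_fingerprint(resp):
    """(status code, challenge header, scheme, realm) of a final response.
    The nonce is deliberately left out: it changes on every challenge."""
    for hdr in CHALLENGE_HEADERS:
        if hdr in resp["headers"]:
            value = resp["headers"][hdr][0]
            scheme = value.split(None, 1)[0]
            realm = re.search(r'realm="([^"]*)"', value)
            return (resp["code"], hdr, scheme, realm.group(1) if realm else None)
    return (resp["code"], None, None, None)


def find_oracle(known_exchange, unknown_exchange):
    """Return the observable differences between the exchange for a known
    account and the one for an unknown account. An empty list means the
    two are indistinguishable at this level."""
    known = [parse_sip_response(r) for r in known_exchange]
    unknown = [parse_sip_response(r) for r in unknown_exchange]
    diffs = []
    # Provisional responses (1xx) are part of the observable pattern too.
    prov_known = [r["code"] for r in known if r["code"] < 200]
    prov_unknown = [r["code"] for r in unknown if r["code"] < 200]
    if prov_known != prov_unknown:
        diffs.append(f"provisional responses differ: {prov_known} vs {prov_unknown}")
    final_known = [r for r in known if r["code"] >= 200]
    final_unknown = [r for r in unknown if r["code"] >= 200]
    if not final_known or not final_unknown:
        diffs.append("one side has no final response")
        return diffs
    fk = challenge_fingerprint(final_known[-1])
    fu = challenge_fingerprint(final_unknown[-1])
    labels = ("status code", "challenge header", "auth scheme", "realm")
    for label, a, b in zip(labels, fk, fu):
        if a != b:
            diffs.append(f"{label} differs: {a!r} vs {b!r}")
    return diffs


if __name__ == "__main__":
    print("INVITE before fix:", find_oracle(KNOWN_USER_INVITE, UNKNOWN_USER_INVITE_BEFORE_FIX))
    print("INVITE after fix: ", find_oracle(KNOWN_USER_INVITE, UNKNOWN_USER_INVITE_AFTER_FIX))
    print("REGISTER before fix:", find_oracle(KNOWN_USER_REGISTER, UNKNOWN_USER_REGISTER_BEFORE_FIX))
```

Against a live server the same comparison would be run on responses captured for a real account and for a name that does not exist; timing is a further channel this check does not cover, so it is a necessary rather than sufficient test that alwaysauthreject leaks nothing.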