Summary: | ASTERISK-26940: Asterisk Skinny memory exhaustion vulnerability leads to DoS | ||
Reporter: | Sandro Gauci (sandrogauci) | Labels: | Security |
Date Opened: | 2017-04-12 04:03:27 | Date Closed: | 2017-05-19 14:56:32 |
Priority: | Critical | Regression? | |
Status: | Closed/Complete | Components: | Channels/chan_skinny |
Versions: | 14.4.0 | Frequency of Occurrence | |
Related Issues: | |||
Environment: | Attachments: | ( 0) mem-graph.png ( 1) README.md | |
Description: | I have included our draft report as an attachment. | ||
Comments: | By: Asterisk Team (asteriskteam) 2017-04-12 04:03:28.593-0500 Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution. A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report. Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process]. By: George Joseph (gjoseph) 2017-04-13 08:10:41.105-0500 *WARNING* Running the command to duplicate this issue may lock up the system. For me, it locked up X and I had to do a ctrl-alt-backspace. By: George Joseph (gjoseph) 2017-04-13 13:51:10.504-0500 So the issue is actually 2-fold. We're not checking the return of read() for end-of-file (0) so we just keep spinning but calling ast_log in that tight of a loop is what causes the memory utilization to escalate very quickly. By: Friendly Automation (friendly-automation) 2017-05-19 14:56:33.030-0500 Change 5656 merged by Jenkins2: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5656|https://gerrit.asterisk.org/5656] By: Friendly Automation (friendly-automation) 2017-05-19 14:58:52.686-0500 Change 5660 merged by George Joseph: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5660|https://gerrit.asterisk.org/5660] By: Friendly Automation (friendly-automation) 2017-05-19 15:10:10.662-0500 Change 5663 merged by Jenkins2: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5663|https://gerrit.asterisk.org/5663] By: Friendly Automation (friendly-automation) 2017-05-19 15:11:52.072-0500 Change 5672 merged by Matthew Fredrickson: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5672|https://gerrit.asterisk.org/5672] By: Friendly Automation (friendly-automation) 2017-05-19 15:12:03.218-0500 Change 5667 merged by Matthew Fredrickson: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5667|https://gerrit.asterisk.org/5667] By: Friendly Automation (friendly-automation) 2017-05-19 15:12:53.666-0500 Change 5670 merged by Matthew Fredrickson: AST-2017-004: chan_skinny: Add EOF check in skinny_session [https://gerrit.asterisk.org/5670|https://gerrit.asterisk.org/5670] |