CVE-2018-19278 : Security Advisory and Response

A buffer overflow vulnerability in Digium Asterisk versions 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash the system via specially crafted DNS SRV or NAPTR responses.

Understanding CVE-2018-19278

This CVE involves a buffer overflow issue in DNS SRV and NAPTR lookups in Digium Asterisk, potentially leading to system crashes.

What is CVE-2018-19278?

The vulnerability allows remote attackers to exploit DNS SRV and NAPTR lookups in Asterisk, causing the system to crash by sending a manipulated response.

The Impact of CVE-2018-19278

Remote attackers can take advantage of this vulnerability to remotely crash Digium Asterisk, disrupting its normal operation.

Technical Details of CVE-2018-19278

This section provides detailed technical insights into the vulnerability.

Vulnerability Description

The buffer overflow occurs in DNS SRV and NAPTR lookups in Digium Asterisk versions 15.x and 16.x, enabling remote attackers to crash the system with specially crafted responses.

Affected Systems and Versions

Digium Asterisk versions 15.x before 15.6.2
Digium Asterisk versions 16.x before 16.0.1

Exploitation Mechanism

Attackers exploit the vulnerability by sending manipulated responses in DNS SRV or NAPTR format.
The buffer size discrepancy allows attackers to crash the system remotely.

Mitigation and Prevention

Protecting systems from CVE-2018-19278 requires immediate actions and long-term security practices.

Immediate Steps to Take

Apply the recommended patches provided by Digium Asterisk promptly.
Monitor network traffic for any suspicious activity targeting DNS SRV and NAPTR lookups.

Long-Term Security Practices

Regularly update and patch the Asterisk software to mitigate known vulnerabilities.
Implement network segmentation to limit the impact of potential attacks.

Patching and Updates

Ensure all Digium Asterisk installations are updated to versions 15.6.2 and 16.0.1 or later to address the buffer overflow vulnerability.