CVE-2018-7284 : Exploit Details and Defense Strategies

A vulnerability named Buffer Overflow has been identified in Asterisk versions 13.19.1, 14.x to 14.7.5, and 15.x to 15.2.1, as well as Certified Asterisk version 13.18-cert2. This vulnerability affects the res_pjsip_pubsub module, specifically when handling SUBSCRIBE requests. The module stores the accepted formats from the headers present in the request's Accept field. However, the module does not impose a limit on the number of headers it processes, even though there is a fixed limit of 32. Consequently, if the number of Accept headers exceeds 32, the module will write outside of its allocated memory and potentially cause a system crash.

Understanding CVE-2018-7284

A Buffer Overflow issue was discovered in Asterisk through versions 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. This code did not limit the number of headers it processed, despite having a fixed limit of 32. If more than 32 Accept headers were present, the code would write outside of its memory and cause a crash.

What is CVE-2018-7284?

A Buffer Overflow vulnerability in Asterisk versions 13.19.1, 14.x to 14.7.5, and 15.x to 15.2.1, and Certified Asterisk version 13.18-cert2
Impacting the res_pjsip_pubsub module when handling SUBSCRIBE requests
Lack of limit on the number of headers processed leading to potential system crashes

The Impact of CVE-2018-7284

Allows attackers to potentially crash systems by exceeding the limit of Accept headers
May lead to unauthorized access or denial of service

Technical Details of CVE-2018-7284

Asterisk versions 13.19.1, 14.x to 14.7.5, and 15.x to 15.2.1, as well as Certified Asterisk version 13.18-cert2, are affected by this vulnerability.

Vulnerability Description

Buffer Overflow vulnerability in the res_pjsip_pubsub module
Caused by the lack of limit on the number of headers processed

Affected Systems and Versions

Asterisk versions 13.19.1, 14.x to 14.7.5, and 15.x to 15.2.1
Certified Asterisk version 13.18-cert2

Exploitation Mechanism

Attackers can craft malicious SUBSCRIBE requests with more than 32 Accept headers
By exceeding the limit, the module writes outside its memory, potentially leading to a system crash

Mitigation and Prevention

To address CVE-2018-7284, follow these steps:

Immediate Steps to Take

Apply patches provided by Asterisk to fix the vulnerability
Monitor network traffic for any suspicious activity

Long-Term Security Practices

Regularly update and patch Asterisk software to prevent vulnerabilities
Implement network segmentation and access controls to limit exposure

Patching and Updates

Update to the latest patched versions of Asterisk to mitigate the Buffer Overflow vulnerability