Vigil@nce: Asterisk, traffic amplification via IAX2
July 2008 by Vigil@nce
SYNTHESIS
An attacker can make an Asterisk server send a fragment of the
firmware to the victim, which unnecessarily uses bandwidth and can
lead to a denial of service.
Gravity: 2/4
Consequences: denial of service of computer, denial of service of
service
Provenance: internet client
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/07/2008
Identifier: VIGILANCE-VUL-7966
IMPACTED PRODUCTS
– Fedora [confidential versions]
– Unix - platform
DESCRIPTION
A client can request the Asterisk server to send it a firmware
image update. In order to do so, the client sends a "FWDOWNL"
query (Firmware Download Request Message) to the server, which
starts to send the firmware. Then, the client answers with:
– FWDATA to continue the download
– REJECT to cancel the download
An attacker can spoof the address of a client and send a FWDOWNL
on his behalf. The target will receive a part of the firmware and
will then cancel this unwanted download.
During this operation, the attacker sends 40 bytes, and the server
sends 1040 bytes to the victim. An attacker can thus use Asterisk
to multiply the data load by 26.
An attacker can therefore send numerous FWDOWNL packets to several Asterisk servers, in order to amplify a denial of service to the
server or the network of the victim.
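A defender-side check for the exchange described above, added here as an example (it is not part of the advisory or of Asterisk). It scans event records in a hypothetical (src, dst, message, bytes) format for addresses whose FWDOWNL requests are always followed by REJECT, and reports the amplification ratio for each. The addresses, the sample records and the min_requests threshold are constructed assumptions; the 40 and 1040 byte sizes are the advisory's figures.

```python
from collections import defaultdict

SERVER = "192.0.2.10"  # constructed documentation address for the Asterisk server


def build_events():
    """Constructed sample: one real phone and one spoofed (victim) address."""
    events = [
        # Legitimate client: requests firmware and continues with FWDATA.
        ("198.51.100.7", SERVER, "FWDOWNL", 40),
        (SERVER, "198.51.100.7", "FWDATA", 1040),
        ("198.51.100.7", SERVER, "FWDATA", 40),
        (SERVER, "198.51.100.7", "FWDATA", 1040),
    ]
    for _ in range(5):
        # Spoofed request; the real owner of the address cancels with REJECT.
        events += [
            ("203.0.113.5", SERVER, "FWDOWNL", 40),
            (SERVER, "203.0.113.5", "FWDATA", 1040),
            ("203.0.113.5", SERVER, "REJECT", 40),
        ]
    return events


def firmware_stats(events, server):
    """Per claimed client: FWDOWNL count/bytes, REJECT count, bytes the server sent."""
    stats = defaultdict(
        lambda: {"requests": 0, "rejects": 0, "req_bytes": 0, "sent_bytes": 0}
    )
    for src, dst, msg, size in events:
        if dst == server and msg == "FWDOWNL":
            stats[src]["requests"] += 1
            stats[src]["req_bytes"] += size
        elif dst == server and msg == "REJECT" and src in stats:
            stats[src]["rejects"] += 1
        elif src == server and msg == "FWDATA" and dst in stats:
            stats[dst]["sent_bytes"] += size
    return stats


def likely_reflection_targets(events, server, min_requests=3):
    """Addresses whose firmware requests were all rejected, with bytes-out/bytes-in ratio."""
    targets = {}
    for addr, s in firmware_stats(events, server).items():
        if s["requests"] >= min_requests and s["rejects"] >= s["requests"]:
            targets[addr] = s["sent_bytes"] / s["req_bytes"]
    return targets
```

An address reported here is the probable victim of the spoofing, not the sender of the requests.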
CHARACTERISTICS
Identifiers: AST-2008-010, AST-2008-011, CVE-2008-3264, FEDORA-2008-6676, VIGILANCE-VUL-7966