Core Security Technologies, provider of CORE IMPACT, the first-to-market penetration testing product for assessing specific information security risks, published two advisories regarding vulnerabilities that could severely impact enterprise phone systems. Core researchers from CoreLabs discovered that, by exploiting either of these buffer overflow vulnerabilities, an attacker could remotely execute code and take control of an organization's entire voice communications system. These vulnerabilities could also serve as entry points for attackers to compromise other critical network systems. Specifically, the vulnerabilities affect:

-- Asterisk PBX (Private Branch Exchange), widely-used open source software for phone systems that supports an extensive range of VoIP equipment, protocols and features including voicemail, interactive voice response, call queuing, three-way calling, caller ID services and more.

-- IAXclient, an open source library that implements the IAX2 VoIP protocol used by several VoIP software phones. Core Security discovered two vulnerabilities that affect VoIP software phones which implement the IAX2 protocol using the IAXclient library.

"These vulnerabilities exemplify the need to address and act upon IP telephony and VoIP security threats in a serious, proactive and systematic manner," said Ivan Arce, CTO at Core Security Technologies. "It's a testament to the dedication and responsiveness of the developers involved with both of these widely used open source software products that security fixes were made available so quickly to their users."

Vulnerability Specifics:

Asterisk PBX truncated video frame vulnerability--The Asterisk-specific IAX2 protocol includes support for transmission of video between the IAX2 clients that implement this feature. A vulnerability found in the Asterisk's handling of IAX2 video frames could lead to the remote compromise of the system running the software PBX through execution of arbitrary code of the attacker's choosing with the privileges of the Asterisk daemon. The vulnerability affects Asterisk PBX software versions up to and including v1.2.8.

IAXclient truncated frames vulnerabilities--IAXclient is an open source library that implements the IAX2 VoIP protocol used by the Asterisk IP PBX and several VoIP software phones. Two vulnerabilities have been discovered in the library that may grant attackers remote execution of arbitrary code on systems using software packages that rely on the library to implement the IAX protocol support. Although these vulnerabilities were discovered and tested using in the IDE FISK software phone, other software packages that use the IAXclient library are also vulnerable.

The maintainers of the vulnerable software have updated their packages with fixed versions For more information on both vulnerabilities, the systems they affect and their corresponding security fixes please visit:

http://www.coresecurity.com/common/showdoc.php?idx=547&idxseccion=10

and

http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10