CVE-2017-17090
published 2017-12-02CVE-2017-17090: An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7…
PriorityP269high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
81.51%
99.6th percentile
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | asterisk | < asterisk 1:13.18.3~dfsg-1 (bullseye) | asterisk 1:13.18.3~dfsg-1 (bullseye) |
| digium | asterisk | <= 13.8.2 | — |
| digium | asterisk | <= 14.7.2 | — |
| digium | asterisk | <= 15.1.2 | — |
| digium | asterisk | >= 0 < 1:13.18.3~dfsg-1 | 1:13.18.3~dfsg-1 |
| digium | certified_asterisk | <= 13.13 | — |
| digium | certified_asterisk | — | — |
Detection & IOCsextracted from sources · hover to see the quote
bytes↗
450002c50001000040067a307f0000017f000001001407d00000000000000000500220009a2b0000e4eea8a72a97467d3631824ac1c08c604e762eb80af46cc6d219a4cf65c13992b4a8af94cb5e87c14faf0254cba25af9fb33bd8d2a58e370e3a866639dfdec350875cfecfe068a16746963fffeee0fdcbac75eb4f09d625f3ae1b4a3eb2812e6f838e88b0d7d9881465a0faf45664df8008d4d6de1a5e20a9c97a71f57d3429e0b17db3aeb3bf516ca4e207a5c801d04132979508f267c7425a57fd0edd271b57ff9831b595b519e73404f170492ae3ad438d4aeca854e96c9dd56d2af3813b8de6b3d8d31d32c0e95be9cb3a5c6106f64c4f19cda2b55ad1471f3d63e1b1ca3c29f362def063ad9b29ea4d1c1fda5c2e4cf0ae75064c27411a2deb5fab11e6412cd5a4037f38779f0173fa1f2ca1740aa78fe37bc0a50f5619c7abba00f2957bf06770ff4d6c003d4533de19f51bcbbd9bbe0ceb3e17dd180e58ee2698998edca42e3d6a8079cc151b608e5bd5aff052e718e714b360f9b091894a5eeed34dafe41d27f19988b3e0ac5a6dd8947c3537ae31154e983cdbac0861afc500206e74030c9e452738ece13075df2dbebb8a1737ee3b4880bc6d428ee2d3d64f585e197dc63f30638a4c55cff0b8e6aa82dfdf199baabd92c10092414015fad5f08e9c816a4d028574ee5340c08b2fe65ca1e7ca907ea2ebd6661e01e9b9d39d5bdb3e3cebd58e96f97f487bb580bcf5447ac48a2ad5541ae0ddcc9ec1f9528f2c07316dbd760e91e3bddbd53fbf6987fdba0830bdb485524950b5611e18e5d517c0f3ae05aa2daec42a5c43eab07aa0018ab750dc6995adad6561cc8a0379f7a12d8e5e474df013459442801d6871c5820318d790833687619b70b0da74893ca441f177ab9e7d7a537c6ff4920c79631905c35167d8a6efc0c6bced9270691abc5b4de84f956f8c1d34f9ef3f0073dafce8c076c4d537e981a1e8ff6ed3e8c
- →Monitor for repeated TCP connection attempts to port 2000 (SCCP/Skinny default port) from a single source, which is the attack vector used to flood chan_skinny and exhaust Asterisk virtual memory. ↗
- →The exploit sends crafted SCCP packets in a tight loop (while 1) over TCP to port 2000; detect rapid repeated TCP connections to the Skinny/SCCP port combined with large packet payloads (~709 bytes) as an indicator of this DoS attack. ↗
- →The vulnerability resides in chan_skinny.c (SCCP protocol channel driver); if this module is not required, disabling it eliminates the attack surface entirely. ↗
- ·The exploit targets Asterisk 13.17.2 specifically; the vulnerability affects all Asterisk Open Source 13.18.2 and older, 14.7.2 and older, 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. The byte signature payload was crafted for the tested version and may not be identical across all vulnerable versions. ↗
- ·The attack is unauthenticated and remote, requiring only network access to the SCCP/Skinny TCP port (default 2000). No credentials are needed to trigger the memory exhaustion. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH
vendor_debian7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-m542-x3mj-mpgq: An issue was discovered in chan_skinny
ghsa_unreviewed·2022-05-13
CVE-2017-17090 [HIGH] CWE-459 GHSA-m542-x3mj-mpgq: An issue was discovered in chan_skinny
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
OSV
CVE-2017-17090: An issue was discovered in chan_skinny
osv·2017-12-02·CVSS 7.5
CVE-2017-17090 [HIGH] CVE-2017-17090: An issue was discovered in chan_skinny
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Debian
CVE-2017-17090: asterisk - An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and old...
vendor_debian·2017·CVSS 7.5
CVE-2017-17090 [HIGH] CVE-2017-17090: asterisk - An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and old...
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use excessive amounts of virtual memory, eventually causing asterisk to stop processing requests of any kind.
Scope: local
bullseye: resolved (fixed in 1:13.18.3~dfsg-1)
sid: resolved (fixed in 1:13.18.3~dfsg-1)
No detection rules found.
Bugzilla
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [epel-6]
bugzilla·2017-12-04·CVSS 7.5
CVE-2017-17090 [HIGH] CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [epel-6]
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the 'fedpkg
Bugzilla
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny
bugzilla·2017-12-04·CVSS 7.5
CVE-2017-17090 [HIGH] CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny
If the chan_skinny (AKA SCCP protocol) channel driver is flooded with certain requests it can cause the asterisk process to use excessive amounts of virtual memory eventually causing asterisk to stop processing requests of any kind.
References:
http://downloads.asterisk.org/pub/security/AST-2017-013.html
https://issues.asterisk.org/jira/browse/ASTERISK-27452
Discussion:
Created asterisk tracking bugs for this issue:
Affects: epel-6 [bug 1520369]
Affects: fedora-all [bug 1520368]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [fedora-all]
bugzilla·2017-12-04·CVSS 7.5
CVE-2017-17090 [HIGH] CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [fedora-all]
CVE-2017-17090 asterisk: DOS Vulnerability in Asterisk chan_skinny [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versio
http://downloads.digium.com/pub/security/AST-2017-013.htmlhttp://www.securityfocus.com/bid/102023http://www.securitytracker.com/id/1039948https://issues.asterisk.org/jira/browse/ASTERISK-27452https://lists.debian.org/debian-lts-announce/2017/12/msg00028.htmlhttps://www.debian.org/security/2017/dsa-4076https://www.exploit-db.com/exploits/43992/http://downloads.digium.com/pub/security/AST-2017-013.htmlhttp://www.securityfocus.com/bid/102023http://www.securitytracker.com/id/1039948https://issues.asterisk.org/jira/browse/ASTERISK-27452https://lists.debian.org/debian-lts-announce/2017/12/msg00028.htmlhttps://www.debian.org/security/2017/dsa-4076https://www.exploit-db.com/exploits/43992/
2017-12-02
Published