Headline
Ubuntu Security Notice USN-6448-1
Ubuntu Security Notice 6448-1 - Xu Biang discovered that Sofia-SIP did not properly manage memory when handling STUN packets. An attacker could use this issue to cause Sofia-SIP to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================
Ubuntu Security Notice USN-6448-1
October 24, 2023
sofia-sip vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
Sofia-SIP could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
- sofia-sip: Sofia-SIP library development files
Details:
Xu Biang discovered that Sofia-SIP did not properly manage memory when
handling STUN packets. An attacker could use this issue to cause
Sofia-SIP to crash, resulting in a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
libsofia-sip-ua-glib3 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.10.1
libsofia-sip-ua0 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.10.1
sofia-sip-bin 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.10.1
Ubuntu 23.04:
libsofia-sip-ua-glib3 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.04.1
libsofia-sip-ua0 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.04.1
sofia-sip-bin 1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.04.1
Ubuntu 22.04 LTS:
libsofia-sip-ua-glib3 1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.2
libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.2
sofia-sip-bin 1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.2
Ubuntu 20.04 LTS:
libsofia-sip-ua-glib3 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2
libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2
sofia-sip-bin 1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libsofia-sip-ua-glib3 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1
libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1
sofia-sip-bin 1.12.11+20110422.1-2.1+deb10u3ubuntu0.18.04.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libsofia-sip-ua-glib3 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2
libsofia-sip-ua0 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2
sofia-sip-bin 1.12.11+20110422.1-2.1+deb10u3ubuntu0.16.04.1~esm2
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6448-1
CVE-2023-32307
Package Information:
https://launchpad.net/ubuntu/+source/sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.10.1
https://launchpad.net/ubuntu/+source/sofia-sip/1.12.11+20110422.1+1e14eea~dfsg-4ubuntu1.23.04.1
https://launchpad.net/ubuntu/+source/sofia-sip/1.12.11+20110422.1-2.1+deb10u3ubuntu0.22.04.2
https://launchpad.net/ubuntu/+source/sofia-sip/1.12.11+20110422.1-2.1+deb10u3ubuntu0.20.04.2
Related news
Gentoo Linux Security Advisory 202407-10 - Multiple vulnerabilities have been discovered in Sofia-SIP, the worst of which can lead to remote code execution. Versions prior to 1.13.16 are affected.
Debian Linux Security Advisory 5431-1 - Xu Biang discovered that missing input sanitizing in Sofia-SIP, a SIP User-Agent library could result in denial of service.
Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.