Asterisk security advisory – T38 AST-2011-002

Digium have released the following security Advisory (AST-2011-002) relating to current versions of Asterisk.

While no known exploits exist this is a buffer overflow that could result in an Asterisk server being crashed or exploited remotely.

New versions of Asterisk will be patched against this exploit but it is also possible to disable the affected parts of Asterisk which are T38 fax pass-thru support and chan_ooh323. Unless you have specifically set up T38 faxing or H323 on your system it is highly unlikely that you are using this functionality anyway and you can safely disable them.

For more details concerning the following commands see the advisory here –

cp /etc/asterisk/sip_general_custom.conf /etc/asterisk/sip_general_custom.conf.orig
echo 't38pt_udptl = no' >> /etc/asterisk/sip_general_custom.conf

cp /etc/asterisk/modules.conf /etc/asterisk/modules.conf.orig
sed -i 's/\[modules\]/\[modules\]\nnoload => chan_ooh323/' /etc/asterisk/modules.conf

asterisk -rx "core restart now"
asterisk -rx "restart now"

Only one restart command is needed depending on the version of Asterisk but running both will not hurt.
All calls in progress will be terminated when the restart is run.