Fixing the Asterisk Security Hole in TrixBox Systems

It's one of those unfortunate weeks when everything gets put on hold in order to patch a denial of service security problem with Asterisk®. All versions are apparently affected. We obviously can't provide step-by-step instructions for each and every version of Asterisk@Home and TrixBox. But we have thousands of loyal readers that depend upon TrixBox 1.2.3 systems in a production environment. So today's column is for these folks. Our special thanks to Bubba for lending a technical hand as well. We've tested this pretty carefully on Nerd Vittles editions of TrixBox 1.2.3.

Update: For the latest information, please read our Primer on Asterisk Security.

If you're running a different system, you'll have to read between the lines and do the best you can. It reportedly works fine to upgrade Trixbox 2.x systems as well. If you really get stumped, post your questions on the TrixBox forums and someone will come to your rescue. Make a backup of your system before you begin. For an excellent free backup solution, visit Thomas King's site for Backup 2 and follow the instructions.

The Asterisk Security Problem. The issue involves a hole which allows an improperly formatted SIP packet to crash your server. For more details, go here. In the scheme of things, security problems don't get much worse than this one. All Asterisk servers accept SIP INVITE packets so all Asterisk servers can be crashed from any remote location. New versions of both Asterisk and Zaptel are now available, and today we'll show you how to apply the upgrade to Nerd Vittles TrixBox 1.2.3 systems.

Getting the Latest Kernel Source for TrixBox. TrixBox systems don't ship with kernel source code so we have to begin there before we have the necessary pieces in place to compile the new version of Asterisk and Zaptel. Log into your Asterisk server as root and issue the following command:

yum -y install kernel-devel kernel

Addressing the RedHat Bug. Every time there is an update using the Asterisk kernel, module support needs to be rebuilt using the new kernel. Unfortunately, a RedHat bug (inherited by CentOS) causes the rebuilding process to fail. Here's the fix. Log into your new server as root and issue the following commands to determine which new kernel source was loaded on your system:

cd /usr/src/kernels
ls

You should see an entry that looks something like this: 2.6.9-34.0.2.EL-something. Depending upon the processor in your system, the something may be different than our machine. Write down the name of the new kernel directory and substitute it below for 2.6.9-34.0.2.EL-i686. Now issue these commands:

cd /usr/src/kernels/2.6.9-34.0.2.EL-i686/include/linux
mv spinlock.h spinlock.h.old
wget http://nerdvittles.com/trixbox/spinlock.h
shutdown -r now

Fixing a Source Code Wrinkle. At least one of the existing (older) source modules in the TrixBox 1.2.3 build will cause Asterisk to fail to restart after updating Asterisk. The simple fix below solved it for us. Your mileage may vary. If you have problems, look at the tail of the Asterisk error log (tail /var/log/asterisk/full) and then find the offending source module in the directory shown below. Rename the module and try the compiles again. Here's the error we received (app_speech_utils.so: Asterisk died with code 1.) and what solved it for us without breaking anything (actually it apparently does break Lumenvox; see Comment #7 below for how to fix it):

cd /usr/lib/asterisk/modules
mv app_speech_utils.so app_speech_utils.so.old

Installing Asterisk 1.2.16 and Zaptel 1.2.15. Now we're ready to install the Asterisk and Zaptel updates. While still logged in as root, execute the following commands in order:

amportal stop

cd /usr/src
wget http://ftp.digium.com/pub/telephony/zaptel/zaptel-1.2.15.tar.gz
wget http://ftp.digium.com/pub/telephony/libpri/libpri-1.2.4.tar.gz
wget http://ftp.digium.com/pub/telephony/asterisk/asterisk-1.2.16.tar.gz
wget http://ftp.digium.com/pub/telephony/asterisk/asterisk-addons-1.2.5.tar.gz

tar -zxvf zaptel-1.2.15.tar.gz
tar -zxvf libpri-1.2.4.tar.gz
tar -zxvf asterisk-1.2.16.tar.gz
tar -zxvf asterisk-addons-1.2.5.tar.gz

cd zaptel-1.2.15
make clean
make install
cd ..

cd libpri-1.2.4
make clean
make install
cd ..

cd asterisk-1.2.16
make clean
make install
cd ..

cd asterisk-addons-1.2.5
make clean
make install
cd ..

shutdown -r now

Now rebuild support for your ZAP devices or ztdummy if you have no ZAP devices. Log in as root again and type the following command: rebuild_zaptel. Then reboot your system: shutdown -r now. Now log in as root again. If you have zaptel devices, type modprobe wcfxo. Whether you have zaptel devices or not, type amportal stop and then genzaptelconf. Reboot your system again, and you should be back in business with a rock solid Asterisk system. Be sure to read the comments below, especially Comment #5. There was a slight glitch with Music on Hold, but we've found the fix for that as well. Enjoy!
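
One way to confirm the result across several servers, as an added example that is not part of the original article: the script compares each version banner (the "Asterisk 1.2.16" line that asterisk -V prints) against 1.2.16. The function names, the "host banner" inventory format and the sample hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): flag Asterisk 1.2.x hosts that still
# run a release older than the 1.2.16 build installed above.
FIXED="1.2.16"

# Pull the dotted version out of a banner such as "Asterisk 1.2.16".
extract_version() {
    printf '%s\n' "$1" | sed -n 's/^Asterisk \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when $1 is older than $2, comparing numeric fields left to right
# (a plain string compare would wrongly rank 1.2.5 above 1.2.16).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "$a" = "$fa" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$fb" ]; then b=""; else b=${b#*.}; fi
        fa=${fa:-0}; fb=${fb:-0}
        if [ "$fa" -lt "$fb" ]; then return 0; fi
        if [ "$fa" -gt "$fb" ]; then return 1; fi
    done
    return 1
}

# Print "patched", "needs-upgrade" or "unknown" for one banner.
check_banner() {
    v=$(extract_version "$1")
    case "$v" in
        1.2.*) if version_lt "$v" "$FIXED"; then echo needs-upgrade; else echo patched; fi ;;
        *)     echo unknown ;;  # other branches: the article gives no fixed version
    esac
}

# Read "host banner" lines on stdin; print every host not confirmed patched.
audit_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        [ "$(check_banner "$banner")" = "patched" ] || printf '%s\n' "$host"
    done
}

# Constructed sample inventory (hostnames are hypothetical).
SAMPLE='pbx1 Asterisk 1.2.5
pbx2 Asterisk 1.2.16
pbx3 Asterisk 1.2.14'
printf '%s\n' "$SAMPLE" | audit_inventory
```

Hosts whose banner cannot be parsed, or that run a branch other than 1.2, are listed too, so nothing is silently treated as fixed.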




14 Comments

  1. In an older post by bubba we used the following for zaptel based on the kernel.

    make linux26
    make install
    make config

  2. Hi Ward

    Thanks for your article. I have created an all in one install script based on your article and it is available at

    http://www.script-trix.us/updatesource.htm

    It follows your suggestions closely although I have not had a chance to test it on a 1.2.3 machine. It does work quite well on a 2.0 box and I suspect it will do the same on a 1.2.3 box. Thanks for all of your hard work and the plug above!

    Tom

  3. Ward,

    Terrific instructions as usual! The only additional thing I had to do was comment out "exclude=kernel*" in my CentOS-Base.repo and CentOS-Media.repo files to allow the new kernel to show up. (I wasn’t sure which file would do it so I just commented out both of them.)

    Thanks!

    Ken

  4. Ward,

    The instructions worked fine for my Trixbox1.2.3 vmware installation with one exception… Recompiling to Asterisk 1.2.16 broke my music on hold.

    After several days of trying to find a way to fix it without any success, I did come up with a kludge that restores the operation of music on hold at least partially. It works, but the ring sound can be heard in the background while the music plays. I can live with that until someone comes up with a permanent fix. The fix is quite simple if you have a complete backup of your /usr/lib/asterisk/modules files prior to the asterisk recompile.

    You only need to restore one file.

    cd /usr/lib/asterisk/modules

    mv res_musiconhold.so res_musiconhold.so.old (just in case you need to restore it in the future)

    cp /bkpcopy/res_musiconhold.so res_musiconhold.so (copy your backup copy to the modules directory)

    amportal restart (your music on hold should now be working)

    Note: I suspect your comments about file dates of the modules also applies here, so make sure the file date on the copied file is current and not the original 10/2006 date or asterisk may not load properly.

    -lee-

    [WM: Actually, I think the problem lies in the MusicOnHold setup with freePBX. You were correct. It wasn’t working. Instead of replacing the module, try this first. Open freePBX Setup with your web browser. Then click MusicOnHold, then click Default under the Add Music Category listing, then click the Enable Random Play button, and then click the Red Bar to reload Asterisk. I think that will fix your problem without injecting the ring sounds in the background. For some reason, the /etc/asterisk/musiconhold_additional.conf file got trashed, and the steps I’ve outlined will restore it.]

  5. I just tried this with AAH 2.7 (with Asterisk 1.2.5), and it seems to work. I had to do the spinlock.h fix and then follow the steps to install 1.2.16 and Zaptel 1.2.15. I did not have to yum install the kernel source because it was already there. Also my MOH stopped working too until I reloaded the settings. Thanks for the tips!

  6. app_speech_utils.so is part of the Lumenvox connector with Asterisk (guess how I found out). To get my Lumenvox channel working again after following this update I had to follow the Asterisk instructions on the Lumenvox site (not the Trixbox specific ones) which included downloading a patch, applying it to the Asterisk source, and recompiling. This got me quite nervous until I figured it out.

  7. After upgrading per Ward’s instructions, the VM-intro prompt before the beep is no longer there. When you dial *extension, you immediately get the beep and no "Pls leave a msg after the tone. When done…." msg. Any ideas?

    I looked at the before and after upgrade logs and
    — Playing ‘vm-intro’ (language ‘en’) **this line no longer exists after upgrade***
    — Playing ‘beep’ (language ‘en’)

    [WM: You’re correct. Another quirk. Here’s a simple workaround. Open freePBX Setup with your web browser. Click General Settings. The fifth option on the page is Direct Dial to VoiceMail Message Type. Change the setting from Default to Unavailable. Save your change and click the Red Bar to reload Asterisk, and all should be well.]

  8. On a Xeon machine the procedure didn’t work. The zaptel start fails with:

    Loading zaptel framework: [ OK ]
    Waiting for zap to come online: [ OK ]
    Loading zaptel hardware modules:
    Loading tor2: [ OK ]
    Loading wct4xxp: [ OK ]
    Loading wct1xxp: [ OK ]
    Loading wcte11xp: [ OK ]
    Loading wcfxo: [ OK ]
    Loading wctdm: [ OK ]
    Loading ztdummy: [ OK ]
    Loading r4fxo: FATAL: Error inserting r4fxo (/lib/modules/2.6.9-34.0.2.ELsmp/extra/r4fxo.ko): Unknown symbol in module, or unknown parameter (see dmesg)
    [FAILED]
    Loading r1t1: FATAL: Error inserting r1t1 (/lib/modules/2.6.9-34.0.2.ELsmp/extra/r1t1.ko): Unknown symbol in module, or unknown parameter (see dmesg)
    [FAILED]
    Loading rxt1: FATAL: Error inserting rxt1 (/lib/modules/2.6.9-34.0.2.ELsmp/extra/rxt1.ko): Unknown symbol in module, or unknown parameter (see dmesg)
    [FAILED]

    Any idea how to fix this?
    Thanks

  9. Note. I did this update before per instructions. I needed to reapply it to a new machine instance. I am using the VMWare version.

    The files above have been upgraded at this point to zaptel-1.2.16.tar.gz and asterisk-1.2.16.tar.gz.

    I installed without doing the app_speech_utils.so rename. (I had to in the original release.) The problem no longer exists. It appears the prior issues have been resolved as I did not have to do any changes. So I guess I am noting that the issues have been fixed and the update goes without problems. At least for me. Thanks

  10. Had the same issue as carol mentioned on my Nerd Vittles Asterisk running with vmware, on a Xeon….

    When shutting down the Asterisk server a load of Zaptel errors are reported…

    However the upgrade of the actual Asterisk has taken place and AsterisksInfo reports the updated 1.2.16…

    I just ignored the error as I don't use the zaptel module and it's not affected the SIP part of Asterisk..

    However I have noticed that since the upgrade there have been a few jitters in calls, when the incoming voice is interpreted intermittently. Taking into account bandwidth is not a problem.. Any ideas on how to fix this?

    Ambro

  11. I am running AAH 2.7 which I upgraded a while back to asterisk 1.2.14, the zaptel at the time, etc. The upgrade this time gave me an error during genzaptel_config.

    Removing zaptel module: ERROR: Module zaptel is in use by zttranscode
    [FAILED]

    Plus some other nasties.
    I found this link which showed a work around to get everything to unload properly.
    http://bugs.digium.com/view.php?id=7981
    Looks like I’m good to go – for the moment….
