[asterisk-bugs] [Asterisk 0010421]: Potential for DoS attack?: sip history recording can go on forever if SIP dialog never expires or is destroyed

noreply at bugs.digium.com noreply at bugs.digium.com
Thu Aug 9 13:00:21 CDT 2007 

The following issue has been ASSIGNED. 
====================================================================== 
http://bugs.digium.com/view.php?id=10421 
====================================================================== 
Reported By:                jmoldenhauer
Assigned To:                russell
====================================================================== 
Project:                    Asterisk
Issue ID:                   10421
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     assigned
Asterisk Version:           1.4.10  
SVN Branch (only for SVN checkouts, not tarball releases): N/A  
SVN Revision (number only!): 78416 
Disclaimer on File?:        N/A 
Request Review:              
====================================================================== 
Date Submitted:             08-09-2007 12:54 CDT
Last Modified:              08-09-2007 13:00 CDT
====================================================================== 
Summary:                    Potential for DoS attack?: sip history recording can
go on forever if SIP dialog never expires or is destroyed
Description: 
When SIP history is being recorded (which is pretty much always in the
current version even when it is turned off, see related issue 10418), it is
possible to exhaust system memory simply by generating lots of history
events for the same SIP dialog if the dialog never expires or is
destroyed.

I believe that a correctly written SIP UA could exploit this problem to
cause a DoS attack by causing a significant amount of memory to be consumed
by the SIP history recording interface.

It is unknown to me whether it could be remotely exploited by anonymous
users; I believe you would have to be authenticated either by IP or by
username/secret.

I have only confirmed that this is a problem for SUBSCRIBE packets; it is
unknown if this could be a problem for other SIP packets.
====================================================================== 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
08-09-07 13:00  russell        Status                   new => assigned     
08-09-07 13:00  russell        Assigned To               => russell         
======================================================================

More information about the asterisk-bugs mailing list