[asterisk-bugs] [Asterisk 0016226]: 1.4.26.3 security issue - Chinese IPs somehow are making calls without authentication

Asterisk Bug Tracker noreply at bugs.digium.com
Wed Nov 11 18:04:23 CST 2009


A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16226 
====================================================================== 
Reported By:                faxguy
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16226
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     new
Asterisk Version:           1.4.26.3 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-11-11 17:15 CST
Last Modified:              2009-11-11 18:04 CST
====================================================================== 
Summary:                    1.4.26.3 security issue - Chinese IPs somehow are making calls without authentication
Description: 
This is from the CLI.  I don't know who 113.105.15.56 is, but for at least
a week now they've (that whole Class C network) been making calls out
through my Asterisk system without authentication.  I don't know how...

    -- Executing [011441616604001@default:1] Dial("SIP/113.105.152.56-08e4b3a8", "IAX2/obfuscated-user:obfuscated-pass@voip-co2.teliax.com/011441616604001") in new stack
    -- Called obfuscated-user:obfuscated-pass@voip-co2.teliax.com/011441616604001
    -- Call accepted by 63.211.239.28 (format ulaw)
    -- Format for call is ulaw
    -- IAX2/63.211.239.28:4569-15287 is ringing
    -- IAX2/63.211.239.28:4569-15287 stopped sounds
    -- IAX2/63.211.239.28:4569-15287 answered SIP/113.105.152.56-08e4b3a8
    -- Hungup 'IAX2/63.211.239.28:4569-15287'
  == Spawn extension (default, 011441616604001, 1) exited non-zero on 'SIP/113.105.152.56-08e4b3a8'

To remedy this I have simply firewalled out their IP range.  But I'd like
to fix the problem with the SIP driver directly.
====================================================================== 

---------------------------------------------------------------------- 
 (0113695) qwell (administrator) - 2009-11-11 18:04
 https://issues.asterisk.org/view.php?id=16226#c113695 
---------------------------------------------------------------------- 
Did you read doc/security.txt in the source tree?  It does not appear that
you have followed it.

Also, without seeing the incoming channel and the SIP debug, it will be
impossible to say what is happening here. 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-11-11 18:04 qwell          Note Added: 0113695                          
======================================================================



