[asterisk-bugs] [Asterisk 0017276]: bypass "contactdeny" with nat=yes
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon May 3 09:56:57 CDT 2010
The following issue has been SUBMITTED.
======================================================================
https://issues.asterisk.org/view.php?id=17276
======================================================================
Reported By: klaus3000
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 17276
Category: Channels/chan_sip/Registration
Reproducibility: always
Severity: minor
Priority: normal
Status: new
Asterisk Version: SVN
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): trunk
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2010-05-03 09:56 CDT
Last Modified: 2010-05-03 09:56 CDT
======================================================================
Summary: bypass "contactdeny" with nat=yes
Description:
Hi!
chan_sip's "contactdeny" feature screens the "to be registered contact".
In case of nat=yes it should not use the address information from the
Contact header (which is not used at all for routing), but the source IP
address of the request.
Thus, if nat=yes and a client sends a request from a denied IP address
(e.g. by spoofing the src-IP address) it can bypass the screening.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2010-05-03 09:56 klaus3000 New Issue
2010-05-03 09:56 klaus3000 Asterisk Version => SVN
2010-05-03 09:56 klaus3000 Regression => No
2010-05-03 09:56 klaus3000 SVN Branch (only for SVN checkouts, not tarball
releases) => trunk
======================================================================
More information about the asterisk-bugs
mailing list