[asterisk-bugs] [JIRA] (ASTERISK-23139) Security: Remote crash in res_pjsip_exten_state
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Mon Mar 10 16:21:06 CDT 2014
[ https://issues.asterisk.org/jira/browse/ASTERISK-23139?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-23139:
-----------------------------------
Target Release Version/s: 12.1.0
Security: (was: Reporter, Bug Marshals, and Digium)
> Security: Remote crash in res_pjsip_exten_state
> -----------------------------------------------
>
> Key: ASTERISK-23139
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-23139
> Project: Asterisk
> Issue Type: Bug
> Components: Resources/res_pjsip_exten_state
> Affects Versions: 12.0.0
> Reporter: Mark Michelson
> Severity: Critical
> Labels: Security
> Target Release: 12.1.0
>
> Attachments: ASTERISK-23139.patch
>
>
> It is possible to crash Asterisk by sending a SUBSCRIBE request to Asterisk for the presence Event that has no Accept headers.
> This is because res_pjsip_exten_state.c was originally written with the (correct) assumption that res_pjsip_pubsub.c would filter out any SUBSCRIBE requests that had no Accept headers. However, when handles_default_accept support was added, res_pjsip_exten_state.c did not have the assumption removed.
> For the person that writes the security report, this can only be exercised by configured endpoints in PJSIP, so this can't be remotely triggered by just anybody.
> I have already created a patch that fixes the issue. I will upload it here.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
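The failure mode described in the report, modelled as an added C example (this is not Asterisk's code; every name, the default body type and the 406 handling are constructed): a dispatch layer that stops rejecting header-less SUBSCRIBEs once a handles_default_accept flag exists, and an event handler that validates its own input rather than relying on that earlier rejection.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of a two-layer SUBSCRIBE pipeline (hypothetical names). */
#define MAX_ACCEPT 4

struct subscribe_req {
    const char *event;
    const char *accept[MAX_ACCEPT]; /* Accept header values, in order */
    int num_accept;                 /* 0 when the request carries none */
};

struct handler {
    const char *event;
    const char *default_accept;     /* served when handles_default_accept */
    int handles_default_accept;
};

/* Constructed handler: PIDF as its default body type. */
static const struct handler presence_handler = {
    "presence", "application/pidf+xml", 1
};

/* Hardened handler: does not assume the dispatcher filtered out
 * header-less requests; falls back to its own default or refuses. */
const char *body_type_checked(const struct handler *h,
                              const struct subscribe_req *req)
{
    if (req->num_accept == 0) {
        return h->handles_default_accept ? h->default_accept : NULL;
    }
    return req->accept[0];
}

/* Dispatcher: once handles_default_accept exists, a request without
 * Accept is forwarded instead of rejected, so the handler must cope.
 * Returns a SIP status code and the chosen body type. */
int dispatch_subscribe(const struct handler *h, const struct subscribe_req *req,
                       const char **chosen)
{
    if (req->num_accept == 0 && !h->handles_default_accept) {
        return 406; /* Not Acceptable */
    }
    *chosen = body_type_checked(h, req);
    return *chosen ? 200 : 406;
}

int main(void)
{
    struct subscribe_req none = { "presence", {0}, 0 }; /* no Accept header */
    const char *type = NULL;
    printf("%d %s\n", dispatch_subscribe(&presence_handler, &none, &type), type);
    return 0;
}
```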