[asterisk-bugs] [JIRA] (ASTERISK-23373) [patch]Security: Open FD exhaustion with chan_sip Session-Timers

Matt Jordan (JIRA) noreply at issues.asterisk.org
Fri Mar 28 13:52:43 CDT 2014


     [ https://issues.asterisk.org/jira/browse/ASTERISK-23373?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Matt Jordan updated ASTERISK-23373:
-----------------------------------

    Target Release Version/s: 1.8.27.0

> [patch]Security: Open FD exhaustion with chan_sip Session-Timers
> ----------------------------------------------------------------
>
>                 Key: ASTERISK-23373
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-23373
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Channels/chan_sip/General
>    Affects Versions: SVN, 1.8.25.0, 11.7.0, 12.0.0
>            Reporter: Corey Farrell
>            Assignee: Kinsey Moore
>              Labels: Security
>      Target Release: 1.8.26.1, 1.8.27.0, 11.8.1, 12.1.1
>
>         Attachments: chan_sip-earlier-st-11.patch, chan_sip-earlier-st-1.8.patch, chan_sip-earlier-st.patch, uac.xml
>
>
> An attacker can use all available open FDs with sipp INVITE requests.  It seems this attack only requires knowledge of an extension on an Asterisk system that accepts "public" dial-in.
> {noformat}
> sipp 192.168.1.1:5060 -s 100 -sf uac.xml -p 5066 -r 1000 -m 1000
> {noformat}
> Asterisk will respond with code 422 for all 1000 INVITEs.  This will leak 1000 channels, and when using timerfd that's 5000 open file descriptors.  The file descriptors cannot be released without restarting Asterisk, so an intrusion detection system could be bypassed by sending the INVITEs slowly.
> I haven't yet checked to see if this can be exploited using a permitted Session Expires value.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
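
The report's point that slowly sent INVITEs evade rate-based detection, shown as an added example that is not part of the original report or the Asterisk project: a rate rule beside a cumulative count of 422 responses since the last restart. The trace line format, the addresses, the 1024 FD limit and the thresholds are constructed assumptions; 5 FDs per leaked channel is the report's timerfd figure and applies only to an affected build.

```python
import re
from collections import Counter, deque

# Constructed line format (not Asterisk's own log output):
#   "<epoch> <source-ip> <SIP status line>"
LINE = re.compile(r"^(\d+) (\S+) SIP/2\.0 (\d{3}) ")
FDS_PER_CHANNEL = 5  # figure from the report, for a system using timerfd

def parse(lines):
    """Return (timestamp, source) for every 422 response in the trace."""
    out = []
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) == "422":
            out.append((int(m.group(1)), m.group(2)))
    return out

def rate_alerts(events, window=10, threshold=50):
    """Rate rule: sources with >= threshold 422s inside any `window` seconds."""
    recent, flagged = {}, set()
    for ts, src in sorted(events):
        q = recent.setdefault(src, deque())
        q.append(ts)
        while q[0] <= ts - window:   # drop entries that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(src)
    return flagged

def cumulative_alerts(events, fd_limit=1024, fraction=0.5):
    """Rate-independent rule: estimated FDs leaked since the last restart.
    fd_limit and fraction are assumed values, not taken from the report."""
    per_src = Counter(src for _, src in events)
    total_fds = sum(per_src.values()) * FDS_PER_CHANNEL
    flagged = {s for s, n in per_src.items()
               if n * FDS_PER_CHANNEL >= fd_limit * fraction}
    return total_fds, flagged

def sample_trace():
    """Constructed data: a fast sender, a slow sender (one INVITE a minute), one 200 OK."""
    status = "SIP/2.0 422 Session Interval Too Small"
    fast = [f"{1000 + i // 100} 198.51.100.7 {status}" for i in range(200)]
    slow = [f"{1000 + 60 * i} 203.0.113.9 {status}" for i in range(120)]
    return fast + slow + ["1005 192.0.2.4 SIP/2.0 200 OK"]

if __name__ == "__main__":
    ev = parse(sample_trace())
    print("rate rule flags:", rate_alerts(ev))
    print("cumulative rule (estimated FDs, sources):", cumulative_alerts(ev))
```

The cumulative counter has to be reset when Asterisk restarts, since the report states that a restart is the only way the descriptors are released.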


