[asterisk-bugs] [JIRA] (ASTERISK-24666) Security Vulnerability: RTP not closed after sip call using unsupported codec
Matt Jordan (JIRA)
noreply at issues.asterisk.org
Wed Jan 28 17:20:38 CST 2015
[ https://issues.asterisk.org/jira/browse/ASTERISK-24666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matt Jordan updated ASTERISK-24666:
-----------------------------------
Affects Version/s: 12.8.0
Target Release Version/s: 12.8.1, 13.1.1
> Security Vulnerability: RTP not closed after sip call using unsupported codec
> -----------------------------------------------------------------------------
>
> Key: ASTERISK-24666
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-24666
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_pjsip
> Affects Versions: 12.8.0, 13.1.0
> Environment: ubuntu 12.04; pjproject build from asterisk git repo.
> Reporter: Y Ateya
> Assignee: Mark Michelson
> Severity: Critical
> Labels: Security
> Target Release: 12.8.1, 13.1.1
>
> Attachments: pjsip.conf, pjsip_rtp.log.bz2, rtp_cleanup_3.diff, rtp_ports.txt.bz2
>
>
> This is similar to ASTERISK-23721; but on asterisk 13.1.0.
> Attached pjsip.conf
> To reproduce the bug:
> - Run watch -n1 "netstat -lp | grep aster"
> - Make a call using a sip client (which doesn't support g729)
> - You will get the message "No joint capabilities for 'audio' media stream between our configuration((g729)) and incoming SDP((ulaw|gsm|alaw))"
> - Check netstat result; you will find 2 RTP ports opened and not closed.
> - Allow ulaw; make same call from same sip client
> - ports will be opened for the call duration and then removed after hangup.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
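
A check matching the reproduction steps quoted above, as an added example that is not part of the issue or of the Asterisk project: it compares two saved `netstat -lnup` snapshots (one taken before the call, one after hangup) and prints the UDP ports asterisk still holds. The `-n` and `-u` flags are added here so ports print numerically and only UDP is listed; the names `leaked_ports` and `demo` and all sample ports and PIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue). Compares two saved snapshots of
#   netstat -lnup
# and prints UDP ports that asterisk holds in the second snapshot but did
# not hold in the first.

leaked_ports() {    # usage: leaked_ports BEFORE_FILE AFTER_FILE
    awk '
        # Keep only UDP sockets whose PID/Program column ends in /asterisk.
        $1 !~ /^udp/ || $NF !~ /\/asterisk$/ { next }
        # Port is the text after the last colon (handles 0.0.0.0:N and :::N).
        { n = split($4, part, ":"); port = part[n] }
        # Comparing FILENAME (not FNR == NR) stays correct for an empty first file.
        FILENAME == ARGV[1] { before[port] = 1; next }
        !(port in before) && !(port in shown) { shown[port] = 1; print port }
    ' "$1" "$2" | sort -n
}

# Constructed sample data: the port numbers and PIDs are made up.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
udp        0      0 0.0.0.0:5060    0.0.0.0:*              1234/asterisk
udp        0      0 0.0.0.0:68      0.0.0.0:*              801/dhclient
EOF
    cat > "$dir/after" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
udp        0      0 0.0.0.0:5060    0.0.0.0:*              1234/asterisk
udp        0      0 0.0.0.0:10000   0.0.0.0:*              1234/asterisk
udp        0      0 0.0.0.0:10001   0.0.0.0:*              1234/asterisk
udp6       0      0 :::10001        :::*                   1234/asterisk
udp        0      0 0.0.0.0:68      0.0.0.0:*              801/dhclient
EOF
    leaked_ports "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a live system the two input files would come from redirecting `netstat -lnup` to a file before placing the call and again after hangup.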