[asterisk-bugs] [JIRA] (ASTERISK-26348) chan_sip: File descriptors leak (UDP sockets) also triggered by same-callid
Rusty Newton (JIRA)
noreply at issues.asterisk.org
Mon Oct 31 13:27:10 CDT 2016
[ https://issues.asterisk.org/jira/browse/ASTERISK-26348?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rusty Newton closed ASTERISK-26348.
-----------------------------------
Resolution: Fixed
Removed viewing restrictions and closing it out.
Correct, the advisory was updated: http://downloads.asterisk.org/pub/security/AST-2016-007.html
> chan_sip: File descriptors leak (UDP sockets) also triggered by same-callid
> ---------------------------------------------------------------------------
>
> Key: ASTERISK-26348
> URL: https://issues.asterisk.org/jira/browse/ASTERISK-26348
> Project: Asterisk
> Issue Type: Bug
> Security Level: None
> Components: Channels/chan_sip/General
> Reporter: Walter Doekes
> Attachments: oinv-i40X-oinv-w-auth.xml
>
>
> re: http://downloads.asterisk.org/pub/security/AST-2016-007.html
> *The good news:*
> ASTERISK-26272 fixes this issue.
> *The bad news:*
> Setting {{allowoverlap=no}} is not sufficient to close the RTP leak.
> You can trigger the leak as well by setting up a second call with the same call-id before ACKing the 404 of the first call.
> Example SIPp XML is attached.
> It expects the extension {{whatever}} to not exist (return 404).
> For {{allowguest=yes}} the scenario is sufficient. For authenticated sessions you'll need to pass {{-s}} and {{-ap}} to SIPp.
> Cheers,
> Walter Doekes
> OSSO B.V.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list