[asterisk-bugs] [JIRA] (ASTERISK-26496) GROUP_COUNT or GROUP_MATCH_COUNT may report an invalid number of channels when channels are established nearly simultaneously

Daniel Journo (JIRA) noreply at issues.asterisk.org
Fri Jan 6 07:21:10 CST 2017


    [ https://issues.asterisk.org/jira/browse/ASTERISK-26496?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=234479#comment-234479 ] 

Daniel Journo commented on ASTERISK-26496:
------------------------------------------

I have a hacker exploiting this. I'm working on discovering how the hacker is obtaining the SIP login details, but this issue is being exploited in order to make an unlimited number of calls.

Also, the peer's call-limit seems to be being ignored.

> GROUP_COUNT or GROUP_MATCH_COUNT may report an invalid number of channels when channels are established nearly simultaneously
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ASTERISK-26496
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26496
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Functions/General
>    Affects Versions: 11.22.0, 14.1.1
>         Environment: x86_64 Debian 7 based Asterisk server. Asterisk compiled from sources.
>            Reporter: Victor Villarreal
>         Attachments: issue_dialplan.txt, issue_full.txt
>
>
> When we fired several calls through a SIP trunk simultaneously, the GROUP_COUNT and the GROUP_MATCH_COUNT could return the same number of calls on that trunk.
> You can find more info in the issue_full.txt (full log extract) and the issue_dialplan files.
> [Edit by Rusty - You can reproduce easily with the following dialplan]
> {noformat}
> [from-internal]
> exten = 101,1,Dial(Local/s@group-dial&Local/s@group-dial)
> [group-dial]
> exten = s,1,NoOp(Group count is: ${GROUP_COUNT(1)} )
> same = n,Set(GROUP()=1)
> same = n,Wait(45)
> same = n,Hangup()
> {noformat}
> Making several calls from one or two phones to 101 will result in the GROUP_COUNT occasionally being reported as the same (for the same group) for a pair of channels.

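A minimal model of the check-then-set window in the reproduction dialplan above, added here as an illustration; it is not part of the original message and is not Asterisk code. The class and function names are hypothetical, the interleaving is fixed to the worst case so the result is deterministic, and the model assumes each individual count or join is atomic.

```python
# Added illustration: channels sharing one group counter (hypothetical names).

class Group:
    """Models one group category: the set of channels currently assigned."""
    def __init__(self):
        self.members = set()

    def count(self):            # stands in for ${GROUP_COUNT(1)}
        return len(self.members)

    def join(self, chan):       # stands in for Set(GROUP()=1)
        self.members.add(chan)

    def leave(self, chan):      # stands in for the channel hanging up
        self.members.discard(chan)


def check_then_set(group, channels, limit):
    """Order used in the reproduction: read the count, then join.
    Worst case: every channel reads before any channel has joined."""
    observed = {c: group.count() for c in channels}
    admitted = []
    for c in channels:
        if observed[c] < limit:     # decision made on a stale count
            group.join(c)
            admitted.append(c)
    return observed, admitted


def set_then_check(group, channels, limit):
    """Reversed order: join first, then count (the count includes self).
    Worst case: every channel joins before any channel counts."""
    for c in channels:
        group.join(c)
    observed, admitted = {}, []
    for c in channels:
        observed[c] = group.count()
        if observed[c] <= limit:
            admitted.append(c)
        else:
            group.leave(c)          # over the limit: back out
    return observed, admitted


if __name__ == "__main__":
    chans = ["chan-a", "chan-b", "chan-c"]   # constructed sample channels
    print(check_then_set(Group(), chans, limit=1))
    print(set_then_check(Group(), chans, limit=1))
```

In the first ordering all three channels observe a count of 0 and all are admitted against a limit of 1; in the second, a channel is only admitted when the count including itself is within the limit, so simultaneous arrivals can be rejected but not over-admitted.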