[asterisk-bugs] [JIRA] (ASTERISK-29434) Asterisk reveals pjproject version in STUN packets
Jeremy Lainé (JIRA)
noreply at issues.asterisk.org
Wed May 19 10:24:17 CDT 2021
Jeremy Lainé created ASTERISK-29434:
---------------------------------------
Summary: Asterisk reveals pjproject version in STUN packets
Key: ASTERISK-29434
URL: https://issues.asterisk.org/jira/browse/ASTERISK-29434
Project: Asterisk
Issue Type: Improvement
Security Level: None
Components: Resources/res_rtp_asterisk
Affects Versions: 18.4.0, 16.18.0
Reporter: Jeremy Lainé
Currently, Asterisk reports the pjproject version in any STUN packets it sends in the form of a SOFTWARE attribute, for example "pjnath-2.10.0". This may not be desirable in a production environment for security reasons.
In `pj_stun_config_init()`, the software name is initialized to PJNATH_STUN_SOFTWARE_NAME but this can be overriden, or even set to an empty string to not send any SOFTWARE attribute at all.
I'd be happy to provide a patch, but would appreciate some guidance: do we want to make this configurable, or would removing the SOFTWARE attribute be acceptable?
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list