Condorlab

Kamailio – Vulnerability an invalid header causes a segmentation fault and crashes


Advisory IDRSN-SIP-1609


Vulnerability Information

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with an invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags. (An additional error is present in the check_via_address core function: this function also misses input validation.) This could result in denial of service and potentially the execution of arbitrary code.


Release Date

2018-09-07 00:00:00


Technical Information

Crafted SIP message with a n invalid Via header causes a segmentation fault and crashes Kamailio. The reason is missing input validation in the crcitt_string_array core function for calculating a CRC hash for To tags.


Solutions

The UCTM solution from RedShift Networks provides the industry’s first complete security solution developed to secure VOIP networks, endpoints and applications. His research team Condor-Labs.com is constantly looking for new attack patterns, advanced penetration testing methods, vulnerability identification and deployment of new signatures for constantly subscribed clients. For more information visit www.redshiftnetworks.com


External Resources

Common Vulnerabilities and Exposures (CVE)

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16657
https://www.debian.org/security/2018/dsa-4292
https://skalatan.de/blog/advisory-hw-2018-06
https://lists.debian.org/debian-lts-announce/2018/09/msg00013.html