Hello,
as already announced from Daniel-Constantin Mierla on the lists last Wednesday
[1], we strongly advise you to update your Kamailio installation to the latest
stable release for security reasons.
All supported releases (4.4, 5.0. and 5.1) contains two important security
fixes related to the tmx and lcr module.
Technical details for the tmx issue:
A specially crafted REGISTER message with a malformed branch or From tag
triggers a so called "off-by-one heap overflow". This vulnerability existed in
the tmx module and makes it possible to remotely crash the Kamailio service.
If an attacker sends many of this messages this would lead to a Denial of
Service of the attacked infrastructure. This is especially critical as no
authentication for the remote source is needed.
This vulnerability was found from Sandro Gauci and Alfred Farrugia from the
Security Company Enable Security. Many thanks to them for finding the issue
and reporting it to us.
You find all the details including a proof of concept code in the published
security announcement from them:
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio…
Technical details for the lcr issue:
A vulnerability existed in the lcr next_gw() function. It happens when
a very long R-URI username is sent with an INVITE due to an mistake in the
function error code handling. It can be triggered from a remote source, but
should be only from a trusted peer, as it expected that calls going
through lcr are authenticated by user or IP address.
This vulnerability was reported from an user in the Netherlands to us, thanks
as well for the bug report.
So far we are not aware of any public exploits of this errors. But as already
mentioned, we advise you to update your Kamailio servers to the latest stable
release as soon as possible, especially as the tmx vulnerability will reported
to more security lists later today.
Please address any detailed technical questions related to the two bugs to the
developer list at sr-dev(a)lists.kamailio.org .
In case of confidential remarks related to this or other security issues,
please address them to the Kamailio Management at management(a)kamailio.org .
Best regards,
Henning Westerholt
Kamailio Project
[1]
https://lists.kamailio.org/pipermail/sr-users/2018-March/100672.html