Am Montag, 30. Juli 2018, 09:53:39 CEST schrieb Henning Westerholt:
I want to highlight that the last stable versions (for
the two maintained
series: 5.0 and 5.1) include fixes for an security issues that can crash a
running instance of Kamailio, therefore it is strongly recommended to
upgrade.
[..]
Hello,
an addition to this security announcement related to a possible workaround:
For older Kamailio version and in case you need more time for an update you
can add the following logic on top of to your `request_route` block in your
kamailio configuration file. This will drop this malicious message and prevent
its processing.
if($(hdr(To)[1]) != $null) {
xlog("second To header not null - dropping message");
drop;
}
The announcement on
kamailio.org has been also updated to include this
workaround:
https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamai…
Best regards,
Henning
--
Henning Westerholt
https://skalatan.de/blog/