Hello,
as already announced from Daniel-Constantin Mierla on the lists last Wednesday [1], we strongly advise you to update your Kamailio installation to the latest stable release for security reasons.
All supported releases (4.4, 5.0. and 5.1) contains two important security fixes related to the tmx and lcr module.
Technical details for the tmx issue:
A specially crafted REGISTER message with a malformed branch or From tag triggers a so called "off-by-one heap overflow". This vulnerability existed in the tmx module and makes it possible to remotely crash the Kamailio service.
If an attacker sends many of this messages this would lead to a Denial of Service of the attacked infrastructure. This is especially critical as no authentication for the remote source is needed.
This vulnerability was found from Sandro Gauci and Alfred Farrugia from the Security Company Enable Security. Many thanks to them for finding the issue and reporting it to us.
You find all the details including a proof of concept code in the published security announcement from them:
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-...
Technical details for the lcr issue:
A vulnerability existed in the lcr next_gw() function. It happens when a very long R-URI username is sent with an INVITE due to an mistake in the function error code handling. It can be triggered from a remote source, but should be only from a trusted peer, as it expected that calls going through lcr are authenticated by user or IP address.
This vulnerability was reported from an user in the Netherlands to us, thanks as well for the bug report.
So far we are not aware of any public exploits of this errors. But as already mentioned, we advise you to update your Kamailio servers to the latest stable release as soon as possible, especially as the tmx vulnerability will reported to more security lists later today.
Please address any detailed technical questions related to the two bugs to the developer list at sr-dev@lists.kamailio.org .
In case of confidential remarks related to this or other security issues, please address them to the Kamailio Management at management@kamailio.org .
Best regards,
Henning Westerholt Kamailio Project
[1] https://lists.kamailio.org/pipermail/sr-users/2018-March/100672.html