[sr-dev] [tracker] Task opened: Problem with Max-Forwards header parsing
sip-router
admin at sip-router.org
Tue Apr 17 19:39:15 CEST 2012
THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - Ladislav Jurak (ladis)
Attached to Project - sip-router
Summary - Problem with Max-Forwards header parsing
Task Type - Bug Report
Category - Core
Status - Assigned
Assigned To - Andrei Pelinescu-Onciul
Operating System - Linux
Severity - Medium
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - Hello,
I am testing some SIP DoS attacks vulnerabilities on Kamailio v3.2 server and I found in an loop based attack this thing:
When Max-Forwards header is set to some text value that server cannot parse or a numeric value higher than 99999, server only copy the Max-Forwards header and forwards the message with the same malformed Max-Forwards value.
Server logs this error - "ERROR: maxfwd [mf_funcs.c:80]: unable to parse the max forwards number" but does not drop the message.
Thus message can be forwarded infinitely. This can by exploitable in loop based attacks.
I think that message with malformed Max-Forward header that server cannot parse should be dropped, or at least reset the Max-Forward header to some defined value.
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=214
You are receiving this message because you have requested it from the Flyspray bugtracking system. If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.
More information about the sr-dev
mailing list