[sr-dev] Security announcement related to Kamailio
Henning Westerholt
hw at kamailio.org
Sat Aug 4 11:52:09 CEST 2018
On Monday, 30 July 2018, 09:53:39 CEST, Henning Westerholt wrote:
> I want to highlight that the last stable versions (for the two maintained
> series: 5.0 and 5.1) include fixes for security issues that can crash a
> running instance of Kamailio, therefore it is strongly recommended to
> upgrade.
> [..]
Hello,
an addition to this security announcement related to a possible workaround:
For older Kamailio versions, and in case you need more time for an update, you
can add the following logic at the top of your `request_route` block in your
Kamailio configuration file. This will drop this malicious message and prevent
its processing.

    # drop any message that carries a second To header
    if($(hdr(To)[1]) != $null) {
        xlog("second To header not null - dropping message");
        drop;
    }

The announcement on kamailio.org has also been updated to include this
workaround:
https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamailio-core/
Best regards,
Henning
--
Henning Westerholt
https://skalatan.de/blog/
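
The condition the workaround tests (a message with more than one To header) can also be checked offline against captured SIP messages, for example to see whether such traffic is reaching a proxy that has not been upgraded yet. The Python below is an added example, not part of the original mail or of Kamailio; the function names and the sample messages are constructed, and counting the compact header name `t` and joining folded header lines are this example's choices, following RFC 3261.

```python
import re

TO_NAMES = {"to", "t"}  # full and compact header name (RFC 3261), case-insensitive

def header_lines(raw: bytes) -> list[str]:
    """Header lines of a raw SIP message, with folded continuation lines joined."""
    head = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)[0]  # ignore the body
    out: list[str] = []
    for line in head.decode("latin-1").split("\n")[1:]:  # skip the start line
        line = line.rstrip("\r")
        if line[:1] in (" ", "\t") and out:
            out[-1] += " " + line.strip()  # continuation of the previous header
        else:
            out.append(line)
    return out

def count_to_headers(raw: bytes) -> int:
    """Number of separate To header fields in the message."""
    count = 0
    for line in header_lines(raw):
        name, sep, _ = line.partition(":")
        if sep and name.strip().lower() in TO_NAMES:
            count += 1
    return count

def build_sample(to_lines: list[str]) -> bytes:
    """Constructed sample request; only the To lines vary between samples."""
    lines = ["OPTIONS sip:bob@example.com SIP/2.0",
             "From: <sip:alice@example.org>;tag=a1",
             *to_lines,
             "Call-ID: constructed-1@192.0.2.10",
             "CSeq: 1 OPTIONS",
             "Content-Length: 0", "", ""]
    return "\r\n".join(lines).encode()

# Constructed samples: one To header, one folded To header, two To headers.
SINGLE = build_sample(["To: <sip:bob@example.com>"])
FOLDED = build_sample(["To: Bob", "  <sip:bob@example.com>"])
DOUBLE = build_sample(["To: <sip:bob@example.com>", "t: <sip:carol@example.com>"])

if __name__ == "__main__":
    for label, msg in (("single", SINGLE), ("folded", FOLDED), ("double", DOUBLE)):
        n = count_to_headers(msg)
        print(f"{label}: {n} To header(s){' -> flag for review' if n > 1 else ''}")
```
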