[SR-Users] Security announcement related to Kamailio

Henning Westerholt hw at kamailio.org
Sat Aug 4 11:52:09 CEST 2018

Am Montag, 30. Juli 2018, 09:53:39 CEST schrieb Henning Westerholt:
> I want to highlight that the last stable versions (for the two maintained
> series: 5.0 and 5.1) include fixes for an security issues that can crash a
> running instance of Kamailio, therefore it is strongly recommended to
> upgrade.
> [..]


an addition to this security announcement related to a possible workaround:

For older Kamailio version and in case you need more time for an update you 
can add the following logic on top of to your `request_route` block in your 
kamailio configuration file. This will drop this malicious message and prevent 
its processing.

if($(hdr(To)[1]) != $null) {
    xlog("second To header not null - dropping message");

The announcement on kamailio.org has been also updated to include this 


Best regards,


Henning Westerholt

More information about the sr-users mailing list