[OpenSER-Users] my small security breach REGISTER

Carsten Bock lists at bock.info
Thu Sep 6 12:29:22 CEST 2007 

Hi Marc,

The problem is not the contact, but the From-Header. The From-Header
contains the username, which registers. The Contact Header (according to
RFC 3261) must be a valid URI, that's all (e.g. some CPE's put
sip:<ip-address>:line=xyz in contact).

Carsten

Am Donnerstag, den 06.09.2007, 12:01 +0200 schrieb Marc LEURENT:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I have a security matter with my configuration (default one), it's possible to register using login/password and to set anything in the contact field.
> So if you have an account 106/password, it's possible to be 105 in the location database!
> 
> How is it possible to deny that kind of matter..? Thanks
> 
> Is it useful to use: method_filtering of the REGISTRAR module
> Or is it better to so something whith the values below and a compare function??
> $ct - reference to body of contact header
> $ar - realm from Authorization or Proxy-Authorization header
> $au - username from Authorization or Proxy-Authorization header
> 
> if ($ct != $au@$ar) {
> 	sl_send_reply("403", "User and login must be the same");
> };
> 
> Best Regards,
> 
> Marc LEURENT
> 
> 
> #
> U 82.127.0.79:1045 -> 88.191.45.91:5060
> REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0.
> Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420.
> From: <sip:105 at sd-7501.dedibox.fr:5060;user=phone>;tag=c0a80101-38c0e7.
> To: <sip:105 at sd-7501.dedibox.fr:5060;user=phone>.
> Call-ID: 29eb6e9-c0a80101-5-17 at 192.168.95.70.
> CSeq: 90 REGISTER.
> Max-Forwards: 70.
> Expires: 3600.
> Contact: <sip:105 at 82.127.0.79:1046;user=phone>.
> Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr",
> response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, cnonce="38c102", nc=00000001.
> User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4.
> Allow-Events: refer,dialog,message-summary,check-sync,talk,hold.
> Content-Length: 0.
> .
> 
> 
>         AOR:: 105
>                 Contact:: sip:105 at 82.127.0.79:1046;user=phone Q=
>                         Expires:: 194
>                         Callid:: 29eb6e9-c0a80101-5-17 at 192.168.95.70
>                         Cseq:: 92
>                         User-agent:: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4
>                         Received:: sip:82.127.0.79:1045
>                         State:: CS_SYNC
>                         Flags:: 0
>                         Cflag:: 192
>                         Socket:: udp:88.191.45.91:5060
>                         Methods:: 4294967295
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> 
> iD8DBQFG39AIqjpLE0HiOBYRAiUKAJ9Ilv+Zpbzw89tqWgwmHyVjU/DXugCgjEh8
> 5XQKEAeiF/L4RWszGC2/yzQ=
> =SXE9
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> Users mailing list
> Users at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/users

More information about the Users mailing list