Bug#389252: twinkle: PRACK messages should be authenticated
Mikael Magnusson
mikma at users.sourceforge.net
Sun Sep 24 18:40:58 UTC 2006
Package: twinkle
Version: 1:0.8.1-1
Severity: normal
Twinkle fails to respond to Proxy-Authentication challenges of PRACK
requests.
According to RFC 3262:
9 Security Considerations
The PRACK request can be injected by attackers to force
retransmissions of reliable provisional responses to cease. As these
responses can convey important information, PRACK messages SHOULD be
authenticated as any other request. Authentication procedures are
specified in RFC 3261.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (750, 'testing'), (671, 'stable'), (500, 'testing'), (30, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11-vserver-k7
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Versions of packages twinkle depends on:
ii kdelibs4c2a 4:3.5.4-3 core libraries and binaries for al
ii libasound2 1.0.12-1 ALSA library
ii libboost-regex1.33.1 1.33.1-4 regular expression library for C++
ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries
ii libccrtp1-1.4-0 1.4.1-2 Common C++ class framework for RTP
ii libcommoncpp2-1.4-0 1.4.3-1 A GNU package for creating portabl
ii libgcc1 1:4.1.1-13 GCC support library
ii libgsm1 1.0.10-13 Shared libraries for GSM speech co
ii libqt3-mt 3:3.3.6-4 Qt GUI Library (Threaded runtime v
ii libsndfile1 1.0.16-1 Library for reading/writing audio
ii libspeex1 1.1.12-2 The Speex Speech Codec
ii libstdc++6 4.1.1-13 The GNU Standard C++ Library v3
ii libx11-6 2:1.0.0-8 X11 client-side library
ii libxext6 1:1.0.1-2 X11 miscellaneous extension librar
ii libxml2 2.6.26.dfsg-3 GNOME XML library
ii zlib1g 1:1.2.3-13 compression library - runtime
twinkle recommends no packages.
-- no debconf information
More information about the Pkg-voip-maintainers
mailing list