AST-2009-006 breaks IAX2
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Sep 6 04:23:02 UTC 2009
Hi
Yet Another Asterisk security fix:
http://downloads.asterisk.org/pub/security/AST-2009-006.html
Quoting from it:
Summary: IAX2 Call Number Resource Exhaustion
Nature of Advisory: Denial of Service
Susceptibility: Remote unauthenticated sessions
Description:
The IAX2 protocol uses a call number to associate messages with the call
that they belong to. However, the protocol defines the call number field
in messages as a fixed size 15 bit field. So, if all call numbers are in
use, no additional sessions can be handled.
A call number gets created at the start of an IAX2 message exchange. So,
an attacker can send a large number of messages and consume the call
number space. The attack is also possible using spoofed source IP
addresses as no handshake is required before a call number is assigned.
The fix for that has been to add an extra message exchange before
allocating a call number. This, sadly, breaks innteroperability.
See also http://downloads.asterisk.org/pub/security/IAX2-security.html
for the specification.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the Pkg-voip-maintainers
mailing list