< Previous by Date	Date Index	Next by Date >
	Thread Index	Next in Thread >

[reSIProcate] Security hotfix (see crash after receiving invalid Via line)

From: Byron Campen <bcampen@xxxxxxxxxxxx>
Date: Fri, 3 Nov 2006 16:01:29 -0600

This bug allows an attacker to bring down a SIP element built on theresip stack by sending a request with a single empty Via header. Thisbug happens when we try to send a 400 to this malformed request. Whenthis is fixed, I propose we backport the fix to the resiprocate-1.0branch, and release resiprocate-1.0.1 Any objections? (Or, additionalbugs of this nature that have been found?)


Best regards,
Byron Campen

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Follow-Ups:
- Re: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
  - From: Jason Fischl

Prev by Date: Re: [reSIProcate] crash after receiving invalid Via line
Next by Date: Re: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
Previous by thread: Re: [reSIProcate] crash after receiving invalid Via line
Next by thread: Re: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
Index(es):
- Date
- Thread