< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index

Re: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)

From: "Jason Fischl" <jason@xxxxxxxxxxxxxxx>
Date: Fri, 3 Nov 2006 14:18:08 -0800

I agree that we should backport to 1.0. I'll make the fix in main.

On 11/3/06, Byron Campen <bcampen@xxxxxxxxxxxx> wrote:

        This bug allows an attacker to bring down a SIP element built on the
resip stack by sending a request with a single empty Via header. This
bug happens when we try to send a 400 to this malformed request. When
this is fixed, I propose we backport the fix to the resiprocate-1.0
branch, and release resiprocate-1.0.1 Any objections? (Or, additional
bugs of this nature that have been found?)

Best regards,
Byron Campen

_______________________________________________
resiprocate-devel mailing list
resiprocate-devel@xxxxxxxxxxxxxxxxxxx
https://list.sipfoundry.org/mailman/listinfo/resiprocate-devel

References:
- [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
  - From: Byron Campen

Prev by Date: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
Next by Date: Re: [reSIProcate] sip proxy
Previous by thread: [reSIProcate] Security hotfix (see crash after receiving invalid Via line)
Next by thread: [reSIProcate] Where is DialogUsageManager::post() method ?
Index(es):
- Date
- Thread