Am Montag, 30. Juli 2018, 09:53:39 CEST schrieb Henning Westerholt:
I want to highlight that the last stable versions (for the two maintained series: 5.0 and 5.1) include fixes for an security issues that can crash a running instance of Kamailio, therefore it is strongly recommended to upgrade. [..]
Hello,
an addition to this security announcement related to a possible workaround:
For older Kamailio version and in case you need more time for an update you can add the following logic on top of to your `request_route` block in your kamailio configuration file. This will drop this malicious message and prevent its processing.
if($(hdr(To)[1]) != $null) { xlog("second To header not null - dropping message"); drop; }
The announcement on kamailio.org has been also updated to include this workaround:
https://www.kamailio.org/w/2018/07/kamailio-security-announcement-for-kamail...
Best regards,
Henning