THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.
A new Flyspray task has been opened. Details are below.
User who did this - Ladislav Jurak (ladis)
Attached to Project - sip-router
Summary - Problem with Max-Forwards header parsing
Task Type - Bug Report
Category - Core
Status - Assigned
Assigned To - Andrei Pelinescu-Onciul
Operating System - Linux
Severity - Medium
Priority - Normal
Reported Version - Development
Due in Version - Undecided
Due Date - Undecided
Details - Hello,
I am testing some SIP DoS attacks vulnerabilities on Kamailio v3.2 server and I found in
an loop based attack this thing:
When Max-Forwards header is set to some text value that server cannot parse or a numeric
value higher than 99999, server only copy the Max-Forwards header and forwards the message
with the same malformed Max-Forwards value.
Server logs this error - "ERROR: maxfwd [mf_funcs.c:80]: unable to parse the max
forwards number" but does not drop the message.
Thus message can be forwarded infinitely. This can by exploitable in loop based attacks.
I think that message with malformed Max-Forward header that server cannot parse should be
dropped, or at least reset the Max-Forward header to some defined value.
More information can be found at the following URL:
http://sip-router.org/tracker/index.php?do=details&task_id=214
You are receiving this message because you have requested it from the Flyspray bugtracking
system. If you did not expect this message or don't want to receive mails in future,
you can change your notification settings at the URL shown above.