Fred,
OK. I will try to produce myself on an older version of OpenSips and if I
succeed there I will try on Kamailio and report back.
On Wed, Mar 15, 2023 at 4:58 PM Fred Posner <fred(a)pgpx.io> wrote:
Just to add to what Henning has said… the report is
very interesting. I
did spot check a few of the examples, as Sandro excellently documented how
to reproduce.
The reproduction (such as what you posted with param_parser did not
produce the same crash as reported. If you can reproduce something here,
please let us know (issue would be best) so it can be handled and
documented.
Thanks,
—fred
On Mar 15, 2023, at 3:56 PM, Henning Westerholt
<hw(a)gilawa.com> wrote:
Hello,
thanks for sharing this. What was done in the security audit from them
is
something that was done from many people already done in the past for
the Kamailio project. Several people presented about it at different
conferences.
Many modules are also not similar due to the
different ways both
projects took (e.g., some modules are only present for one of
the projects,
Kamailio integrated many changes from the SER projects etc..).
That said, its probably still make sense to
review the applicable parts
and make sure that it does not affect the current
code.
Cheers,
Henning
-- Henning Westerholt –
https://skalatan.de/blog/
Kamailio services –
https://gilawa.com
From: Dovid Bender <dovid(a)telecurve.com>
Sent: Mittwoch, 15. März 2023 20:20
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Subject: [SR-Users] Issues/Vulnerabilities in OpenSipS that may affect
Kamailio
Hi All,
OpenSipS just released an update to the audit that was done to OpenSips
[1]. From
my basic coding skills it seems like the changes that were done
by the OpenSipS project were not implemented in Kamailio which means that
Kamailio is potentially vulnerable? For example you can compare the
changes made by OpenSips project here [2] and the Kamailio code here [3]
I am not active much on the list so please
don't roast me if I am
completely wrong here.
https://github.com/OpenSIPS/opensips/commit/dd9141b6f67d7df4072f3430f628d4b…
[3]
https://github.com/kamailio/kamailio/blob/master/src/core/parser/digest/par…
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the
sender!
Edit mailing list options or unsubscribe:
__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-leave(a)lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to
the sender!
Edit mailing list options or unsubscribe: