Description
An attacker can use all available open FDs with sipp INVITE requests. It seems this attack only requires knowledge of an extension on an Asterisk system that accepts "public" dial-in.
sipp 192.168.1.1:5060 -s 100 -sf uac.xml -p 5066 -r 1000 -m 1000
Asterisk will respond with code 422 for all 1000 INVITEs. This will leak 1000 channels, and when using timerfd that's 5000 open file descriptors. The file descriptors cannot be released without restarting Asterisk, so an intrusion detection system could be bypassed by sending the INVITEs slowly.
I haven't yet checked to see if this can be exploited using a permitted Session Expires value.
Issue Links
- duplicates ASTERISK-14731 [patch] sip session timer: Does not work if initial INVITE min-se timer is too small (Closed)
- is a clone of
Note this issue was found using testsuite patched with ASTERISK-23369. tests/channels/SIP/session_timers/uas_minimum_se ended with chancount != 0, but with no threads for active channels. uac.xml is derived from that test.
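A monitoring sketch for the slow variant described above, added here as an example and not taken from the report or from Asterisk: it flags a descriptor count that only ever grows, regardless of rate, and projects when the soft limit is reached. The function names, the 0.8 warning ratio and the sample data are assumptions; samples should be taken at comparable low-traffic times so normal call load is not mistaken for a leak.

```python
import os

# From the report: 1000 leaked channels -> 5000 FDs when timerfd is in use.
FDS_PER_CHANNEL = 5

def soft_nofile_limit(limits_text):
    """Parse the soft 'Max open files' value from /proc/<pid>/limits text."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            soft = line.split()[3]
            return float("inf") if soft == "unlimited" else int(soft)
    raise ValueError("no 'Max open files' line found")

def open_fd_count(pid):
    """Count open descriptors of a live process (Linux; needs read access)."""
    return len(os.listdir(f"/proc/{pid}/fd"))

def assess(samples, limit, warn_ratio=0.8):
    """samples: [(unix_time, fd_count), ...], oldest first.

    A rate threshold misses INVITEs sent slowly, so this checks whether the
    count ever falls back instead of how fast it rises.
    """
    counts = [fds for _, fds in samples]
    (t0, f0), (t1, f1) = samples[0], samples[-1]
    growth = f1 - f0
    never_released = all(b >= a for a, b in zip(counts, counts[1:]))
    leaking = never_released and growth > 0
    rate = growth / (t1 - t0) if t1 > t0 else 0.0
    return {
        "leaking": leaking,
        "est_leaked_channels": growth // FDS_PER_CHANNEL if leaking else 0,
        "seconds_to_exhaustion": (limit - f1) / rate if leaking and rate else None,
        "near_limit": f1 >= warn_ratio * limit,
    }

# Constructed sample data (not from the report).
SAMPLE_LIMITS = (
    "Limit                     Soft Limit           Hard Limit           Units\n"
    "Max open files            1024                 4096                 files\n"
)
SAMPLE_LEAK = [(0, 120), (3600, 170), (7200, 220), (10800, 270)]
SAMPLE_HEALTHY = [(0, 120), (3600, 300), (7200, 130)]

if __name__ == "__main__":
    print(assess(SAMPLE_LEAK, soft_nofile_limit(SAMPLE_LIMITS)))
```

On a live host, build the sample list from periodic `open_fd_count(pid)` readings of the Asterisk process and take the limit from `/proc/<pid>/limits`.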