Summary: ASTERISK-27337: chan_sip: Security vulnerability with client code header (revisited)
Reporter: Richard Mudgett (rmudgett)
Labels:
Date Opened: 2017-10-12 17:04:31
Date Closed: 2017-11-08 08:26:30.000-0600
Priority: Major
Regression?
Status: Closed/Complete
Components:
Versions: 13.17.2 14.6.2 15.0.0
Frequency of Occurrence: Constant
Related Issues: is related to ASTERISK-26897 chan_sip: Security vulnerability with client code header
Environment:
Attachments:
Description: The fix for ASTERISK-26897 didn't go quite far enough. It fixed setting the userfield for the CDR's Party A but didn't fix the same problem when the CDR's Party B userfield is set.

Comments:

By: Corey Farrell (coreyfarrell) 2017-10-20 11:29:34.935-0500

[~rmudgett]: Are you working on this issue?  If not I can patch this so it can be fixed in the next security release.

By: Richard Mudgett (rmudgett) 2017-10-20 11:33:21.481-0500

Yes.  I already have patches.  I haven't gotten them up on gerrit yet.

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:31.018-0600

Change 7126 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7126

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:43.370-0600

Change 7133 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7133

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:59.492-0600

Change 7125 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7125

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:10.565-0600

Change 7127 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7127

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:21.400-0600

Change 7128 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7128

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:29.841-0600

Change 7129 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7129

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:38.819-0600

Change 7130 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7130

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:47.725-0600

Change 7131 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7131

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:56.398-0600

Change 7132 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun

https://gerrit.asterisk.org/7132