Summary: ASTERISK-27337: chan_sip: Security vulnerability with client code header (revisited)
Reporter: Richard Mudgett (rmudgett)
Labels:
Date Opened: 2017-10-12 17:04:31
Date Closed: 2017-11-08 08:26:30.000-0600
Priority: Major
Regression?
Status: Closed/Complete
Components:
Versions: 13.17.2, 14.6.2, 15.0.0
Frequency of Occurrence: Constant
Related Issues:
Environment:
Attachments:
Description: The fix for ASTERISK-26897 didn't go quite far enough. It fixed setting the userfield for the CDR's Party A but didn't fix the same problem when the CDR's Party B userfield is set.
Comments:

By: Corey Farrell (coreyfarrell) 2017-10-20 11:29:34.935-0500
[~rmudgett]: Are you working on this issue? If not, I can patch this so it can be fixed in the next security release.

By: Richard Mudgett (rmudgett) 2017-10-20 11:33:21.481-0500
Yes. I already have patches. I haven't gotten them up on gerrit yet.

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:31.018-0600
Change 7126 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7126

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:43.370-0600
Change 7133 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7133

By: Friendly Automation (friendly-automation) 2017-11-08 08:26:59.492-0600
Change 7125 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7125

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:10.565-0600
Change 7127 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7127

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:21.400-0600
Change 7128 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7128

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:29.841-0600
Change 7129 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7129

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:38.819-0600
Change 7130 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7130

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:47.725-0600
Change 7131 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7131

By: Friendly Automation (friendly-automation) 2017-11-08 08:27:56.398-0600
Change 7132 merged by George Joseph:
AST-2017-010: Fix cdr_object_update_party_b_userfield_cb() buf overrun
https://gerrit.asterisk.org/7132