| Summary: | ASTERISK-00334: DoS attack: SIP "BYE" messages create channels, fill file descriptors | ||
| Reporter: | John Todd (jtodd) | Labels: | |
| Date Opened: | 2003-09-29 19:28:16 | Date Closed: | 2004-09-25 02:46:18 |
| Priority: | Blocker | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | I was able to create open file descriptors in the sip channel space by sending unexpected BYE messages to the Asterisk server from a SIP UA device. I expect that I could reproduce hundreds, or thousands, of these messages with a short Perl script. Each transmitted message occupies a file descriptor. On my (stock) system, this has a limit of 499 instances before the system will refuse to take any additional calls, and Asterisk will cease to function. Occupied channels to not auto-clear. This is almost certainly related to this bug: http://bugs.digium.com/bug_view_page.php?bug_id=0000055 However due to the denial of service attack potential, I feel that this should receive special handling. Additionally, I am uncertain if the REGISTER bug is actually linked to this bug. | ||
| Comments: | By: Mark Spencer (markster) 2003-09-29 23:56:09 I've added an untested fix (yes, it compiles). Can you confirm this solves it? By: John Todd (jtodd) 2003-09-30 03:51:12 Preliminary tests show that this seems to solve the problem. Testing has been very preliminary, and no other exhaustive tests have been performed on the patch other than the DoS case. By: Mark Spencer (markster) 2003-09-30 22:49:52 Fixed in CVS | ||