The following issue has been SUBMITTED. ====================================================================== https://bugtracker.iptel.org/view.php?id=62 ====================================================================== Reported By: tsearle Assigned To: ====================================================================== Project: SEMS Issue ID: 62 Category: DSM Reproducibility: always Severity: major Priority: normal Status: new ====================================================================== Date Submitted: 2011-09-20 16:59 CEST Last Modified: 2011-09-20 16:59 CEST ====================================================================== Summary: Port Depletion Exploit when using DSM without audio Description: When using the DSM script that is posted here: http://www.mail-archive.com/[email protected]/msg00470.html
I have found by accident that if you send a 200 OK to the INVITE w/o SDP SEMS will create an RTP port and will not free it at the end of the call. Even though this scenario shouldn't happen in the real world, it does make it possible to easily attack SEMS ====================================================================== Issue History Date Modified Username Field Change ====================================================================== 2011-09-20 16:59 tsearle New Issue ====================================================================== _______________________________________________ Semsdev mailing list [email protected] http://lists.iptel.org/mailman/listinfo/semsdev
