This message was generated by the Security Alerts service ( Free Trial 14th of
August - 14th of September )
http://www.opensips.org/Resources/AlertsMain
*
SVN commit*:
http://opensips.svn.sourceforge.net/viewvc/opensips?view=revision&revision=9157
*Severity*: Critical, Security Risk
*Version* : 1.7, 1.8, trunk
*Affected modules* : Core, DNS Blacklist support
*Effect* : DNS Blacklists not evaluated in certain cases
*Affected scenarios*: When attempting to use DNS blacklists from the OpenSIPS
main
route, simply using a branch route will automatically drop all enabled
blacklists. The
dropping is permanent and global for the processing of that message ( for all
following scripting ),
thus leading to a big security risk, as blacklists are not evaluated, so you
could route to
forbidden destinations.
*Description:* The reason for this is that internally, OpenSIPS would reset
the DNS
blacklists each time a route was run, but this was obviously a bug, since the
DNS
blacklists set in the main route would not persist across all branches in case
a per-branch route was activated.
*Risks* : Even though some DNS Blacklists would have been set, OpenSIPS was
still
vulnerable to DNS injection attacks. Thus, updating is critical since this was a
major vulnerability
*Update* :
- if you have an SVN checkout,1.7,1.8 and trunk were fixed; so
update to a revision later than 9157 (trunk) or 9158 (1.8 branch) or 9159 (1.7
branch)
- if you have OpenSIPS from sources, download and apply the patch from
http://opensips.svn.sourceforge.net/viewvc/opensips/branches/1.8/action.c?view=patch&r1=9158&r2=9157&pathrev=9158
or see the attached patch;
- if using tarballs, they were already regenerated (and include the fix)
- If using the official Debian package (apt.opensips.org), they are also
re-generated including the fix.
--
Vlad Paiu
OpenSIPS Developer
http://www.opensips-solutions.com
--- action.c 2012/07/31 15:03:39 9157
+++ action.c 2012/07/31 15:06:29 9158
@@ -167,6 +167,7 @@
int run_top_route(struct action* a, struct sip_msg* msg)
{
+ static unsigned int bl_last_msg_id = 0;
int bk_action_flags;
int bk_rec_lev;
int ret;
@@ -177,7 +178,11 @@
action_flags = 0;
rec_lev = 0;
init_err_info();
- reset_bl_markers();
+
+ if (bl_last_msg_id != msg->id) {
+ bl_last_msg_id = msg->id;
+ reset_bl_markers();
+ }
resetsflag( (unsigned int)-1 );
_______________________________________________
Alerts mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/alerts
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
