The FreeSWITCH team has just published version v1.10.7 which fixes a number of security issues that we reported. If you use FreeSWITCH, please do upgrade to get these security updates.
To learn about the background work that went into getting these security bugs squashed, follow Sandro’s talk called Killing bugs … one vulnerability report at a time. This will be presented at ClueCon on Thursday, October 28th.
Here are the titles of each advisory and a very short summary:
FreeSWITCH vulnerable to SIP digest leak for configured gateways
Full abuse of this issue could lead to credential theft for SIP gateways configured on a vulnerable FreeSWITCH. We call this attack digest leak; it is not easy to describe in one sentence, so please do read our advisory.
FreeSWITCH susceptible to Denial of Service via SIP flooding
We discovered that FreeSWITCH could be made to run out of memory and crash by using our SIPVicious PRO flood tool. Our advisory can be read here.
FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing
FreeSWITCH did not authenticate MESSAGE requests by default, which can be a security problem. Our advisory can be read here.
FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default
Similar to the previous issue, FreeSWITCH did not authenticate SUBSCRIBE requests, which can be a privacy concern. Our advisory can be read here.
FreeSWITCH susceptible to Denial of Service via invalid SRTP packets
When handling SRTP calls, FreeSWITCH was susceptible to a DoS where calls could be terminated by remote attackers. This attack could be done continuously, thus denying encrypted calls during the attack. Our advisory can be read here.