Tags › gasoline
Bug discovery diaries: Abusing VoIPmonitor for Remote Code Execution
Published on Mar 16, 2021 in fuzzing, sip security, sip security testing, research, sipvicious pro, voip security, gasoline
Executive summary (TL;DR) We fuzzed VoIPmonitor by using SIPVicious PRO and got a crash in the software’s live sniffer feature when it is switched on. We identified the cause of the crash by looking at the source code, which was a classic buffer overflow. Then we realized that was fully exploitable since the binaries distributed do not have any memory corruption protection. So we wrote exploit code using ROP gadgets to get remote code execution by just sending a SIP packet.…
Smuggling SIP headers past Session Border Controllers FTW!
Published on Sep 1, 2020 in kamailio, sip security, gasoline, sip security testing
Executive summary (TL;DR) SIP Header smuggling is a thing; in some cases it may be super-bad. It affected Kamailio and we have published a Github project to easily demonstrate and test this for yourself. Kamailio has since fixed the issue in release 5.4.0 but similar issues are likely to affect other SBCs. Usage of special SIP headers When it comes to trusted SIP networks, one of the primary ways that information is passed across different hops is through SIP headers.…