Tags › kamailio
OpenSIPS Security Audit Report is fully disclosed and out there
Published on Mar 17, 2023 in sip security, sipvicious pro, sip security testing, security tools, opensips, kamailio, fuzzing, denial of service, research
It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.…
Kamailio’s exec module considered harmful
Executive summary (TL;DR) The combination of pseudo-variables and Kamailio’s exec can be risky and may result in code injection. By using special SIP headers and environment variables, it becomes effortless to exploit a vulnerable configuration. We have created a Docker environment to assist readers in reproducing this vulnerability and testing solutions. Protection is tricky and the official documentation may have previously misled developers - we aim to fix that by updating the module’s official documentation.…
Exploiting CVE-2022-0778, a bug in OpenSSL vis-à-vis WebRTC platforms
Published on Apr 8, 2022 in denial of service, demo server, freeswitch, asterisk, webrtc security, kamailio, sipvicious pro
Executive summary (TL;DR) Exploiting CVE-2022-0778 in a WebRTC context requires that you get a few things right first. But once that is sorted, DoS (in RTC) is the new RCE! How I got social engineered into looking at CVE-2022-0778 A few days ago, Philipp Hancke, self-proclaimed purveyor of the dark side of WebRTC, messaged me privately with a very simple question: “are you offering a DTLS scanner by chance?” He explained how in the context of WebRTC it would be a bit difficult since you need to get signaling right, ICE (that dance with STUN and other funny things) and finally, you get to do your DTLS scans.…
RTC Security chat at Kamailio World Online with Daniel and Olle
Published on Oct 5, 2020 in conferences, kamailio, voip security, webrtc security, sip security testing
It’s been a month already since the Kamailio World RTC security chat! The conversation included Daniel-Constantin Mierla and Olle E. Johansson from the Kamailio project and myself. Daniel is the lead developer of Kamailio, can be found at ASIPTO while Olle is behind Edvina.net. If you don’t have time to watch the entire conversation, the following is my summary of this discussion: Introductions and discussions After introductions from Daniel, I took lead to briefly mention what we at Enable Security have been up to, including our work on SIPVicious PRO, our research on WebRTC security especially regarding the TURN server abuse vulnerability, our work on DoS in VoIP and WebRTC infrastructure and finally, research on how Kamailio may be (mis)configured to introduce vulnerabilities.…
The great Kamailio security debate and some misconceptions debunked
Published on Sep 22, 2020 in kamailio, sip security
Introduction The Kamailio community has always been very welcoming to us since our first connection in 2015 where I gave a dangerous demo showing the open-source version of SIPVicious scanning the Internet and discovering all sorts of SIP devices. Since then, we’ve been contributing through presentations at Kamailio World each year, highlighting various security concerns for the RTC community and the occasional security report and advisory urging people to upgrade their Kamailio.…
Smuggling SIP headers past Session Border Controllers FTW!
Published on Sep 1, 2020 in kamailio, sip security, gasoline, sip security testing
Executive summary (TL;DR) SIP Header smuggling is a thing; in some cases it may be super-bad. It affected Kamailio and we have published a Github project to easily demonstrate and test this for yourself. Kamailio has since fixed the issue in release 5.4.0 but similar issues are likely to affect other SBCs. Usage of special SIP headers When it comes to trusted SIP networks, one of the primary ways that information is passed across different hops is through SIP headers.…
Kamailio World Online SIP and VoIP Security Panel
Published on Aug 27, 2020 in sip security, conferences, webrtc security, voip security, kamailio
On 2nd September, 14:00-14:30 Berlin time, the author of this post is joining Olle E. Johansson to chat at Kamailio World online about (guess what?) SIP and VoIP security, and recommendations on how working from home impacts security. I very much look forward to our discussions that will be streamed live on the Kamailio World youtube channel! My arguments will likely be turned into an opinion piece later on, but they’ll likely steer towards the following thoughts:…