FreeSWITCH Route Header Value Handling DoS

medium Nessus Plugin ID 63203

Synopsis

The remote SIP service is affected by a denial of service vulnerability.

Description

According to its self-reported version, the remote FreeSWITCH install is affected by a denial of service vulnerability in the Sofia SIP stack. A remote attacker can exploit this, via a specially crafted INVITE request with a 'Route' value containing a long list, to crash the service.

Solution

Upgrade to FreeSWITCH version 1.3.0 commit 016550f218fb0ea54aa6163d6a6eb7e02539da5e or later.

See Also

https://freeswitch.org/jira/browse/FS-4627

Plugin Details

Severity: Medium

ID: 63203

File Name: freeswitch_fs4627.nasl

Version: 1.6

Type: remote

Family: Misc.

Published: 12/10/2012

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:freeswitch:freeswitch

Required KB Items: Settings/ParanoidReport, sip/freeswitch/present

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/18/2012

Vulnerability Publication Date: 9/18/2012

Reference Information

BID: 55599