Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6022-1

Ubuntu Security Notice 6022-1 - It was discovered that Kamailio did not properly sanitize SIP messages under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 ESM and 18.04 ESM. It was discovered that Kamailio did not properly validate INVITE requests under certain circumstances. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code.

Packet Storm
#vulnerability#ubuntu#dos#perl
=========================================================================Ubuntu Security Notice USN-6022-1April 14, 2023kamailio vulnerabilities=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 ESM- Ubuntu 18.04 ESM- Ubuntu 16.04 ESMSummary:Kamailio could be made to crash or run programs if it received speciallycrafted input.Software Description:- kamailio: very fast, dynamic and configurable SIP serverDetails:It was discovered that Kamailio did not properly sanitize SIP messages undercertain circumstances. An attacker could use this vulnerability to cause adenial of service or possibly execute arbitrary code. This issue only affectedUbuntu 16.04 ESM and 18.04 ESM. (CVE-2018-16657)It was discovered that Kamailio did not properly validate INVITE requestsunder certain circumstances. An attacker could use this vulnerability tocause a denial of service or possibly execute arbitrary code. (CVE-2020-27507)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 ESM:  kamailio                        5.3.2-1ubuntu0.1~esm1Ubuntu 18.04 ESM:  kamailio                        5.1.2-1ubuntu2+esm1Ubuntu 16.04 ESM:  kamailio                        4.3.4-1.1ubuntu2.1+esm1In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-6022-1  CVE-2018-16657, CVE-2020-27507

Related news

CVE-2020-27507: tm: do not add duplicate headers in local requests · kamailio/kamailio@ada3701

The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution