The solution implemented is to drop all packets from addresses that have not been validated by an ICE check. To address this vulnerability, upgrade FreeSWITCH to 1.10.11 which includes the security fix. Abuse of this vulnerability may lead to a massive Denial of Service on vulnerable FreeSWITCH servers for calls that rely on DTLS-SRTP. This results in the media session being torn down, which is followed by teardown at signaling (SIP) level too. If an attacker manages to send a ClientHello DTLS message with an invalid CipherSuite (such as `TLS_NULL_WITH_NULL_NULL`) to the port on the FreeSWITCH server that is expecting packets from the caller, a DTLS error is generated. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. Prior to version 1.10.11, when handling DTLS-SRTP for media setup, FreeSWITCH is susceptible to Denial of Service due to a race condition in the hello handshake phase of the DTLS protocol. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.įreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. When request processing utilizes a Uni cached using and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. A flaw was found in the Quarkus Cache Runtime.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |