Hi,
Thank you for the personal criticism; I strive to better my knowledge every day.
With respect to the mentioned vulnerability…
If, using 1.8.4.1, I’ve defined the general section as mentioned in the report, and I attempt a random registration, then Asterisk responds:
<--- SIP read from UDP:10.24.250.50:5060 --->
REGISTER sip:10.24.13.224 SIP/2.0
Via: SIP/2.0/UDP 10.24.68.105:5060;rport;branch=z9hG4bKPj0eJBB-jN9nzKtEtCYZ84ethWwhFa6EUp
Max-Forwards: 70
From: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>;tag=4c4B3dHjF2-wsRC2mt-YJgnes.0KUy.l
To: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>
Contact: <sip:fmnzvkru@10.24.250.50:5060>
Call-ID: nzwgP1mGol26QfV2ENqarVrtvUn7DNxn
CSeq: 1 REGISTER
Expires: 600
User-Agent: Blink 0.24.1 (MacOSX)
Content-Length: 0
<------------->
--- (11 headers 0 lines) ---
Sending to 10.24.250.50:5060 (no NAT)
<--- Transmitting (no NAT) to 10.24.250.50:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.24.68.105:5060;branch=z9hG4bKPj0eJBB-jN9nzKtEtCYZ84ethWwhFa6EUp;received=10.24.250.50;rport=5060
From: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>;tag=4c4B3dHjF2-wsRC2mt-YJgnes.0KUy.l
To: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>
Call-ID: nzwgP1mGol26QfV2ENqarVrtvUn7DNxn
CSeq: 1 REGISTER
Server: Asterisk PBX 1.8.4.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Length: 0
<------------>
<--- Transmitting (no NAT) to 10.24.250.50:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.24.68.105:5060;branch=z9hG4bKPj0eJBB-jN9nzKtEtCYZ84ethWwhFa6EUp;received=10.24.250.50;rport=5060
From: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>;tag=4c4B3dHjF2-wsRC2mt-YJgnes.0KUy.l
To: "MALCOLM DAVENPORT" <sip:malcolm2@10.24.13.224>;tag=as1224f78b
Call-ID: nzwgP1mGol26QfV2ENqarVrtvUn7DNxn
CSeq: 1 REGISTER
Server: Asterisk PBX 1.8.4.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="3d97cd13"
Content-Length: 0
<------------>
If, on the other hand, I attempt registration of an already defined peer, then I get:
<--- SIP read from UDP:10.24.250.50:5060 --->
SUBSCRIBE sip:asterisk@10.24.13.224:5060 SIP/2.0
Via: SIP/2.0/UDP 10.24.68.105:5060;rport;branch=z9hG4bKPjcPe-jn0zgXaWT95xtpN3hRAqGjX.24.a
Max-Forwards: 70
From: "malcolm" <sip:malcolm@10.24.13.224>;tag=AhRDQWRw2FllrDXyS6VZQxthD0yvIwqv
To: <sip:malcolm@10.24.13.224>;tag=as239c2b7a
Contact: <sip:kqiufwjd@10.24.250.50:5060>
Call-ID: wvFyp4wO-etAV4diFUO.SW85NipQy8.K
CSeq: 4643 SUBSCRIBE
Event: message-summary
Expires: 0
Accept: application/simple-message-summary
Allow-Events: conference, message-summary, presence, presence.winfo, xcap-diff, refer
User-Agent: Blink 0.24.1 (MacOSX)
Content-Length: 0
<------------->
--- (14 headers 0 lines) ---
Found peer 'malcolm' for 'malcolm' from 10.24.250.50:5060
<--- Transmitting (no NAT) to 10.24.250.50:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.24.68.105:5060;branch=z9hG4bKPjcPe-jn0zgXaWT95xtpN3hRAqGjX.24.a;received=10.24.250.50;rport=5060
From: "malcolm" <sip:malcolm@10.24.13.224>;tag=AhRDQWRw2FllrDXyS6VZQxthD0yvIwqv
To: <sip:malcolm@10.24.13.224>;tag=as239c2b7a
Call-ID: wvFyp4wO-etAV4diFUO.SW85NipQy8.K
CSeq: 4643 SUBSCRIBE
Server: Asterisk PBX 1.8.4.1
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0703a3a4"
Content-Length: 0
<------------>
Because Asterisk is responding with a 100 Trying, is there not a “leak” that someone has guessed an invalid peer definition?
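The comparison the post makes by eye can be done mechanically. The following is an added example, not part of the original post or of Asterisk: it groups the messages in a SIP debug capture by Call-ID and reports what differs between two dialogs, including the request method so the pair can be checked for being like-for-like. The sample log is constructed in the layout shown above; its addresses, Call-IDs and nonces are placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Asterisk SIP debug output above.
# Addresses, Call-IDs and nonces are placeholders, not values from the post.
SAMPLE = """\
<--- SIP read from UDP:192.0.2.10:5060 --->
REGISTER sip:192.0.2.1 SIP/2.0
Call-ID: dialog-a
<------------->
--- (1 headers 0 lines) ---
<--- Transmitting (no NAT) to 192.0.2.10:5060 --->
SIP/2.0 100 Trying
Call-ID: dialog-a
<------------>
<--- Transmitting (no NAT) to 192.0.2.10:5060 --->
SIP/2.0 401 Unauthorized
Call-ID: dialog-a
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="00000000"
<------------>
<--- SIP read from UDP:192.0.2.10:5060 --->
SUBSCRIBE sip:asterisk@192.0.2.1:5060 SIP/2.0
Call-ID: dialog-b
<------------->
<--- Transmitting (no NAT) to 192.0.2.10:5060 --->
SIP/2.0 401 Unauthorized
Call-ID: dialog-b
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="00000001"
<------------>
"""

# One message: direction marker line, start line plus headers, closing marker.
BLOCK = re.compile(r"<--- (SIP read|Transmitting)[^\n]*--->\n(.*?)\n<-+>", re.S)

def fingerprints(log):
    """Map Call-ID -> request method and [(status, header names)] per response."""
    out = {}
    for direction, body in BLOCK.findall(log):
        start, *headers = body.splitlines()
        hdrs = dict(h.split(":", 1) for h in headers if ":" in h)
        entry = out.setdefault(hdrs["Call-ID"].strip(), {"method": None, "responses": []})
        if direction == "SIP read":
            entry["method"] = start.split()[0]          # e.g. REGISTER
        else:
            entry["responses"].append((int(start.split()[1]), sorted(hdrs)))
    return out

def differences(a, b):
    """Fields an observer could use to tell two dialogs apart."""
    return [(k, a[k], b[k]) for k in ("method", "responses") if a[k] != b[k]]
```

An empty list from `differences` means the two dialogs are indistinguishable by method, status sequence and header names; header values such as nonces and tags are deliberately not compared because they vary per request.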