[OpenSIPS-Users] [OpenSIPS Security Alerts] [FIX] [Severity Low] Advertise Address ignored

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Aug 24 19:25:30 CEST 2012

This message was generated by the Security Alerts service (Free Trial 14th of August - 14th of September)
*SVN commit*:

*Severity*: Low

*Version*  : all

*Affected modules*  : B2B_entities, pua and presence modules

*Effect*  : Advertising the wrong IP:port in the Contact header

*Affected scenarios*: When the presence or B2B-related modules are in use and OpenSIPS has to build the Contact header
for new requests it generates (acting as a UAC), it ignores any "advertised address / port" options configured for
the interfaces.

*Description:*  Instead of checking whether any "advertise" options are set for the interface, the Contact header was
always built from the real IP and port of the interface. In short, the "advertising" functionality (for interfaces) was
not working for these modules.

*Risks*  : a wrong Contact header is generated (with wrong IP information, but syntactically valid).

*Update*  :
- if you have an SVN checkout, 1.8 and trunk were fixed; update to a revision later than 9192 (trunk) or
   9193 (1.8 branch).
- if you run OpenSIPS built from sources, see the attached patch.
- if you use tarballs, they have already been regenerated and include the fix (available only for 1.8).
- if you use the official Debian packages (apt.opensips.org), they have also been regenerated and include the fix
   (available for 1.8 and trunk).

Bogdan-Andrei Iancu
OpenSIPS Founder and Developer

-------------- next part --------------
A non-text attachment was scrubbed...
Name: advertise_contact-9192.patch
Type: text/x-patch
Size: 1342 bytes
Desc: not available
URL: <http://lists.opensips.org/pipermail/users/attachments/20120824/272a0929/attachment.bin>
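
A check an operator could run over captured requests to see whether an instance still shows the behaviour described in this alert. This is an added example, not part of the original message or of the OpenSIPS code; the addresses, sample requests and function names are constructed assumptions.

```python
import re

# Constructed deployment values (assumptions): the interface's real socket
# and the address:port it is configured to advertise.
REAL = ("10.0.0.5", 5060)
ADVERTISED = ("203.0.113.10", 5060)

# sip:/sips: URI -> optional userinfo, host (or [IPv6]), optional port.
URI_RE = re.compile(
    r"sips?:(?:[^@\s<>;]+@)?(\[[0-9a-f:]+\]|[^:;>\s,]+)(?::(\d+))?", re.I)

def contact_hostports(message):
    """Return (host, port) for each URI in the Contact / m headers of one SIP message."""
    head = message.split("\r\n\r\n", 1)[0]
    head = re.sub(r"\r\n[ \t]+", " ", head)       # unfold continuation lines
    found = []
    for line in head.split("\r\n")[1:]:           # skip the request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ("contact", "m"):  # "m" is the compact form
            for host, port in URI_RE.findall(value):
                # Simplification: a missing port is treated as 5060.
                found.append((host.lower(), int(port) if port else 5060))
    return found

def classify(message, real=REAL, advertised=ADVERTISED):
    """'leak' if a Contact carries the real socket, 'ok' if it carries the
    advertised one, 'other' for anything else (including no Contact)."""
    pairs = contact_hostports(message)
    if real in pairs:
        return "leak"
    return "ok" if advertised in pairs else "other"

def _msg(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed requests of the kind generated when acting as UAC; only the
# headers the check needs are included.
SAMPLE_REAL = _msg("SUBSCRIBE sip:bob@example.org SIP/2.0",
                   "Event: presence",
                   "Contact: <sip:10.0.0.5:5060>",
                   "Content-Length: 0")
SAMPLE_ADVERTISED = _msg("SUBSCRIBE sip:bob@example.org SIP/2.0",
                         "Event: presence",
                         "Contact: <sip:203.0.113.10:5060>",
                         "Content-Length: 0")

if __name__ == "__main__":
    for label, m in (("real", SAMPLE_REAL), ("advertised", SAMPLE_ADVERTISED)):
        print(label, contact_hostports(m), classify(m))
```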