PJSIP logging allows attacker to inject fake Asterisk log entries
Package: asterisk (Asterisk)
Affected versions: = 21.0.0, <= 18.19.0, <= 20.4.0
Patched versions: 21.0.1, 18.20.1, 20.5.1

Package: certified-asterisk (Asterisk)
Affected versions: <= 18.9-cert5
Patched versions: 18.9-cert6
Impact
An attacker can send data shaped like an Asterisk log entry to the PJSIP signaling port. The packet is rejected as invalid, but the fake entry still ends up in the Asterisk log as part of the invalid-packet message. Servers running fail2ban or similar tools against the Asterisk logs may then take inappropriate action (for example, banning the wrong address) based on the fake log entries.
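To make the impact concrete from the defender's side, here is an added Python example (not code from Asterisk, PJSIP or this advisory) that contrasts logging an invalid packet verbatim with escaping it first, and runs a simplified fail2ban-style rule over both results. It assumes an Asterisk-like log prefix, a hypothetical "Ignoring invalid packet" message, and that the rejected packet's bytes are logged with their line breaks intact; none of these details are stated in the advisory.

```python
import re

# Approximation of an Asterisk log record prefix, e.g.
# "[Jan  2 03:04:05] NOTICE[1234] res_pjsip.c: ...". Assumed here, not taken from the advisory.
PREFIX = r"^\[[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\] [A-Z]+\[\d+\] \S+: "

# Simplified fail2ban-style rule: a failed-request record yields a host to ban.
# Like fail2ban's own filters it is anchored to the start of a log line.
FAIL_RULE = re.compile(PREFIX + r"Request '[^']*' from '[^']*' failed for '(?P<host>[^':]+)(?::\d+)?'")

def sanitize_packet_dump(data: bytes) -> str:
    """Render untrusted packet bytes so they can never terminate the current log line."""
    text = data.decode("utf-8", errors="replace")
    return text.replace("\r", "\\r").replace("\n", "\\n")

def log_invalid_packet(data: bytes, sanitize: bool) -> str:
    """Build the (hypothetical) invalid-packet record, with or without the escaping step."""
    body = sanitize_packet_dump(data) if sanitize else data.decode("utf-8", errors="replace")
    return f"[Jan  2 03:04:05] WARNING[1234] pjsip: Ignoring invalid packet: {body}"

def hosts_flagged(log_text: str) -> list[str]:
    """Emulate a line-oriented log consumer: collect the host from every line the rule matches."""
    hosts = []
    for line in log_text.split("\n"):
        m = FAIL_RULE.match(line)
        if m:
            hosts.append(m.group("host"))
    return hosts

# Constructed samples (not real traffic): a genuine failed-registration record, and a
# malformed packet whose body embeds text shaped like such a record.
GENUINE_RECORD = (
    "[Jan  2 03:04:05] NOTICE[1234] res_pjsip.c: Request 'REGISTER' from '<sip:a@b>' "
    "failed for '198.51.100.9:5060' (callid: c1) - No matching endpoint found\n"
)
FORGED_PACKET = (
    b"not-a-sip-message\r\n"
    b"[Jan  2 03:04:05] NOTICE[1234] res_pjsip.c: Request 'REGISTER' from '<sip:x@y>' "
    b"failed for '203.0.113.7:5060' (callid: c2) - No matching endpoint found\r\n"
)

if __name__ == "__main__":
    print(hosts_flagged(GENUINE_RECORD))                            # ['198.51.100.9']
    print(hosts_flagged(log_invalid_packet(FORGED_PACKET, False)))  # ['203.0.113.7']
    print(hosts_flagged(log_invalid_packet(FORGED_PACKET, True)))   # []
```

Escaping control characters before the packet dump reaches the log keeps the consumer's line-anchored rules from ever seeing attacker-supplied text at the start of a line, while genuine records are still matched.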
Patches
A patch has been accepted into PJSIP but has not yet been released.
Workarounds
Lock down the PJSIP signaling listen port so that only trusted peers can reach it.
References
pjsip/pjproject#3476
pjsip/pjproject#3636