Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 12 Feb 2015 09:33:28 -0500 (EST)
To: Helmut Grohne <>
        Victor Seva <>,
Subject: Re: kamailio: multiple /tmp file vulnerabilities

> There are multiple /tmp file vulnerabilities to be found in the kamailio
> SIP proxy. While many of these issues only affect configuration examples
> or outdated components, some do affect the default configuration.
> Initial disclosures:
> (2013)
> (2015)
> Upstream issue:
> At this point, three issues are well understood:
> * The kamctl administrative utility and default configuration would use
>   /tmp/kamailio_fifo (#712083, 2013, fixed in Debian's kamailio
>   4.0.2-1).

Use CVE-2013-7426.

> * The kamcmd administrative utility and default configuration would use
>   /tmp/kamailio_ctl (#775681, 2015, patch available).

Use CVE-2015-1590.

> * The kamailio build process would use constant filenames in /tmp
>   allowing to elevate privileges to the build user (#775681, 2015,
>   patch available).

Use CVE-2015-1591.

> The combined patch can be found at:
> While the last issue definitely affects the upstream kamailio build,
> arguably the first two issues are packaging specific. If they are
> treated as such, it is worth noting that kamailio was never part of a
> Debian stable release and thus this may not be worth issuing a CVE.
> I would like to thank Victor Seva for his timely responses, kind
> interaction and providing patches for all of these issues.
> Helmut


CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ