127 lines
No EOL
4.7 KiB
Text
127 lines
No EOL
4.7 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA256
|
|
|
|
I. Advisory Summary
|
|
|
|
Title: SIP Digest Leak Information Disclosure in PhonerLite 2.14 SIP Soft Phone
|
|
Date Published: March 30, 2014
|
|
Vendors contacted: Heiko Sommerfeldt, PhonerLite author
|
|
Discovered by: Jason Ostrom
|
|
Severity: Medium
|
|
|
|
II. Vulnerability Scoring Metrics
|
|
|
|
CVE Reference: CVE-2014-2560
|
|
CVSS v2 Base Score: 4.3
|
|
CVSS v2 Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
|
|
Component(s): PhonerLite SIP Soft Phone
|
|
Class: Information Disclosure
|
|
|
|
III. Introduction
|
|
|
|
PhonerLite [1] is a freeware SIP soft phone client running on the Windows
|
|
platform and supporting common VoIP features as well as security
|
|
functionality such as SIP TLS, SRTP, and ZRTP.
|
|
|
|
[1] http://www.phonerlite.de
|
|
|
|
IV. Vulnerability Description
|
|
|
|
PhonerLite SIP soft phone version 2.14 is vulnerable to revealing SIP MD5
|
|
digest authenticated user credential hash via spoofed SIP INVITE message
|
|
sent by a malicious 3rd party. After responding back to an authentication
|
|
challenge to the BYE message, PhonerLite leaks the hashed MD5 digest
|
|
credentials. After the 3rd party receives the dumped MD5 hash, they can use
|
|
this information to mount an offline wordlist attack. This SIP protocol
|
|
implementation issue vulnerability was initially discovered by Sandro Gauci
|
|
of Enable Security [2], with vendor soft phones and handsets showing
|
|
differential success in mitigating this flaw. CVE-IDs have been reserved
|
|
for two previous SIP soft phone implementations [3, 4] that were tested as
|
|
vulnerable.
|
|
|
|
[2] https://resources.enablesecurity.com/resources/sipdigestleak-tut.pdf
|
|
[3] CVE-ID for Gizmo5 soft phone: CVE-2009-5139
|
|
[4] CVE-ID for Linksys SPA2102 adapter: CVE-2009-5140
|
|
|
|
V. Technical Description / Proof of Concept Code
|
|
|
|
The following steps can be carried out in duplicating this vulnerability.
|
|
|
|
Step 1:
|
|
Use SIPp protocol tester to craft a SIP INVITE message using TCP transport
|
|
and forward the SIP message towards the IP address of the Windows PhonerLite
|
|
soft phone, listening on TCP port 5060
|
|
Step 2:
|
|
PhonerLite user answers call
|
|
Step 3:
|
|
PhonerLite user hangs up call, since there is no one talking (it is like
|
|
dead air)
|
|
Step 4:
|
|
Attacker receives BYE message from PhonerLite. Immediately after receiving
|
|
BYE, attacker sends a 401 challenge SIP message
|
|
Step 5:
|
|
PhonerLite responds with a second BYE message, containing SIP Authorization
|
|
header (which contains MD5 hash / response)
|
|
Step 6:
|
|
Attacker mounts an offline wordlist attack against the dumped MD5 hash using
|
|
sipdump/sipcrack
|
|
|
|
Additional Notes:
|
|
* The vulnerability verification was tested as a malicious 3rd party using
|
|
Kali Linux [5] distribution, with all tools included in distro.
|
|
* The attacker does not need to know the correct username of PhonerLite
|
|
registered SIP user. The attacker only needs to find the IP address of a
|
|
PhonerLite endpoint listening on TCP port 5060.
|
|
* The attacker does not need to know the digest realm field. A null realm
|
|
string of "NULL" or "null" will be sufficient in exploiting the flaw.
|
|
* Verified that PhonerLite is not vulnerable to this security flaw when
|
|
attacker uses UDP transport instead of TCP
|
|
|
|
[5] http://kali.org
|
|
|
|
VIII. Vendor Information, Solutions, and Workarounds
|
|
|
|
This issue is fixed in PhonerLite version 2.15
|
|
|
|
Resolution is the following, as specified by the author: A SIP UAC (User
|
|
Agent Client) should not send a 401 or 407. In other words, only a UAS
|
|
(User Agent Server) should send a 401 or 407 challenge. Therefore, a
|
|
401/407 will be dropped by the UAS (PhonerLite) if sent by a malicious 3rd
|
|
party UAC.
|
|
|
|
IX. Credits
|
|
|
|
This vulnerability has been discovered by:
|
|
Jason Ostrom of Stora
|
|
|
|
XX. Vulnerability History
|
|
|
|
Sun, 2/16/14: Vulnerability discovered
|
|
Wed, 3/12/14: Sent vulnerability disclosure to Heiko Sommerfeldt, info at
|
|
phoner.de
|
|
Thu, 3/13/14: Notified by author that Beta version has been uploaded, which
|
|
should fix problem. Attempted to verify with security testing of Beta 2.15.
|
|
Verified that issue has been resolved.
|
|
Sun, 3/30/14: Notified by author that fixed version (2.15) has been
|
|
uploaded
|
|
Sun, 3/30/14: Vulnerability disclosure posted
|
|
|
|
XXI. Disclaimer
|
|
|
|
The information contained within this advisory is supplied "as-is" with no
|
|
warranties or guarantees of fitness of use or otherwise. Stora accepts no
|
|
responsibility for any damage caused by the use or misuse of this
|
|
information.
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: Encryption Desktop 10.3.2 (Build 15238)
|
|
Charset: us-ascii
|
|
|
|
wsBVAwUBUzl9EWRzm/FWea0uAQjX8gf/Ts6IWfPbMFeir5PxDrvQ2VWBNCESgODN
|
|
GgJQZaj6339ZxIMFC6IYoD4Uvx223igSB+OyYHLmGZOnQoES7Ilj2Or5Afe71Cqe
|
|
ExqYe2fTaZeyruWTgmPA296W3EEoT+Cedeyy5k0+sxK4ahKZ2DQgM/WIDDHU3X/B
|
|
nAJZWob+r2f2tQr+OBhy7saMEix9QMNeAEZCa+JJ8az9gxe6+AU9kdmwj9hPy+qc
|
|
ZDODMOSyvYojfuvE0oy0AyZ1OBWVpI9lSCI6wmUT6ihOpruz3OKQT+e1HyFoBvmX
|
|
aafzW7VlbxgS3EQRC25EWj61BYVIy7OpIFfOzymyBnL/qb0PTBmiDA==
|
|
=rmxn
|
|
-----END PGP SIGNATURE----- |