Skip to main content

Tags opensips

OpenSIPS Security Audit Report is fully disclosed and out there

It’s almost a year since the OpenSIPS project published a minimized version of our security audit report from 2022. Now, the full version has been published, with all the information intact on how to reproduce the vulnerabilities and extra details in an 80+ page report. The OpenSIPS security audit report can be found here. What is the OpenSIPS security audit? OpenSIPS is a SIP server that often has a critical security function within an IP communications system.…

Read more »
Alfred Farrugia

Alfred Farrugia, Enable Security

Bug discovery diaries: uncovering sngrep overflow issues with blackbox fuzzing

Executive summary (TL;DR) During OpenSIPIt, we crashed sngrep by mistake while briefly fuzzing OpenSIPS. Later on we setup a docker environment to reproduce the issue, identified the actual bugs and reported them upstream. If you want to learn the simple steps to do this, you actually have to read the rest of the post :-) sngrep crash during the live OpenSIPit event Last year we participated in OpenSIPIt’s interoperability testing event which was held between the 14th and 15th of September 2020.…

Read more »