lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <8b43dc7a-2fdd-4566-928e-b5043ca259fc@app.fastmail.com> Date: Wed, 26 Jun 2024 06:59:29 +0200 From: Sandro Gauci via Fulldisclosure <fulldisclosure@...lists.org> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] Novel DoS Vulnerability Affecting WebRTC Media Servers Dear Colleagues, We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media servers. ## Executive summary (TL;DR) A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP, specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and DTLS traffic and can be exploited to disrupt media sessions, compromising the availability of real-time communication services. Mitigations include filtering packets based on ICE-validated IP and port combinations. The article also indicates safe testing methods and strategies for detecting the attack. -- You can read the full article here: https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/ Best regards, -- Sandro Gauci, CEO at Enable Security GmbH Register of Companies: AG Charlottenburg HRB 173016 B Company HQ: Neuburger Straße 101 b, 94036 Passau, Germany RTCSec Newsletter: https://www.rtcsec.com/subscribe Our blog: https://www.rtcsec.com Other points of contact: https://www.enablesecurity.com/contact/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists