Asterisk UDP ports not freed/ports leaking [ upstream patch available ]

Bug #816287 reported by giv
This bug affects 3 people
Affects            Status        Importance  Assigned to  Milestone
Asterisk           Fix Released  Undecided   Unassigned
asterisk (Ubuntu)  Invalid       Undecided   Unassigned

Bug Description

root@bird:/etc/asterisk# lsb_release -rd
Description: Ubuntu 10.04.3 LTS
Release: 10.04

root@bird:/etc/asterisk# apt-cache policy asterisk
asterisk:
  Installed: 1:1.6.2.5-0ubuntu1.4
  Candidate: 1:1.6.2.5-0ubuntu1.4
  Version table:
 *** 1:1.6.2.5-0ubuntu1.4 0
        500 https://bit.ly/2BtN52W
        100 /var/lib/dpkg/status
     1:1.6.2.5-0ubuntu1 0
        500 https://bit.ly/2BtN52W

root@bird:/etc/asterisk# uname -a
Linux bird 2.6.32-21-server #32-Ubuntu SMP Fri Apr 16 09:17:34 UTC 2010 x86_64 GNU/Linux

root@bird:/etc/asterisk# asterisk -r -x "core show version"
Asterisk 1.6.2.5-0ubuntu1.4 built by buildd @ yellow on a x86_64 running Linux on 2011-07-12 21:40:24 UTC

root@bird:/etc/asterisk# ls -lt /proc/`cat /var/run/asterisk/asterisk.pid`/fd/ | wc -l
334

root@bird:/etc/asterisk# lsof -i | grep UDP | wc -l
312

root@bird:/etc/asterisk# asterisk -r -x "core show channels"
Channel Location State Application(Data)
SIP/6039-00000128 (None) Up AppDial((Outgoing Line))
SIP/3422403720-00000 3422403740@ulink:9 Up Dial(SIP/6039,2,Tt)
SIP/7006-00000126 (None) Up AppDial((Outgoing Line))
SIP/3422403720-00000 3422403720@ulink:1 Up Dial(SIP/7001&SIP/7002&SIP/700
4 active channels
3 active calls
171 calls processed

root@bird:/etc/asterisk# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 20
file size (blocks, -f) unlimited
pending signals (-i) 16382
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: asterisk 1:1.6.2.5-0ubuntu1.4 ... https://bit.ly/2BtN52W
ProcVersionSignature: Ubuntu 2.6.32-21.32-server 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-server x86_64
Architecture: amd64
Date: Tue Jul 26 13:41:47 2011
ExecutablePath: /usr/sbin/asterisk
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
 PATH=(custom, no user)
 SHELL=/bin/sh
SourcePackage: asterisk

giv (gavrikov-igor) wrote :
Changed in asterisk (Ubuntu):
status: New → Confirmed
Daryl Lublink (dlublink) wrote :

I believe this bug describes asterisk bug #17255 :
https://issues.asterisk.org/view.php?id=17255

It would seem that after some SIP calls, UDP sockets are not closed.

If left running too long, you may see the following in Asterisk's log (a few million times a minute):

[2011-08-09 09:20:02.775] ERROR[5081] res_timing_timerfd.c: Read error: Bad file descriptor
[2011-08-09 09:20:02.775] DEBUG[5081] res_timing_timerfd.c: Expected to acknowledge 1 ticks but got 0 instead
[2011-08-09 09:20:02.775] ERROR[5081] res_timing_timerfd.c: Read error: Bad file descriptor
[2011-08-09 09:20:02.775] DEBUG[5081] res_timing_timerfd.c: Expected to acknowledge 1 ticks but got 0 instead
[2011-08-09 09:20:02.775] ERROR[5081] res_timing_timerfd.c: Read error: Bad file descriptor
[2011-08-09 09:20:02.775] DEBUG[5081] res_timing_timerfd.c: Expected to acknowledge 1 ticks but got 0 instead
[2011-08-09 09:20:02.775] ERROR[5081] res_timing_timerfd.c: Read error: Bad file descriptor
[2011-08-09 09:20:02.775] DEBUG[5081] res_timing_timerfd.c: Expected to acknowledge 1 ticks but got 0 instead
[2011-08-09 09:20:02.775] ERROR[5081] res_timing_timerfd.c: Read error: Bad file descriptor
[2011-08-09 09:20:02.775] DEBUG[5081] res_timing_timerfd.c: Expected to acknowledge 1 ticks but got 0 instead

The resource exhaustion eventually leads to Asterisk being unable to function as it will either run out of UDP sockets or return errors about open files.

root@ast-1:/var/log/asterisk# lsof | grep asterisk | grep UDP | wc
    121 1089 11004

It has 121 sockets open, but only one call in progress.

Running asterisk : Connected to Asterisk 1.6.2.5-0ubuntu1.4 currently running on pri1 (pid = 5132)

security vulnerability: no → yes
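
Added example, not part of the original report or of Asterisk itself: a check for the symptom described in the comment above, where open UDP sockets far exceed what the active channels can account for. The socket budget (`BASE`, `PER_CHAN`), the function names and the sample input are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): compare Asterisk's open UDP
# sockets with its active channels to spot the leak described above.

# Assumed budget: BASE sockets for signalling plus PER_CHAN per channel
# (RTP + RTCP, with headroom). Both are assumptions; tune them per site.
BASE=${BASE:-8}
PER_CHAN=${PER_CHAN:-4}

# stdin: lsof output. Prints the number of lines describing a UDP socket.
count_udp_sockets() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "UDP") { n++; break } }
         END { print n + 0 }'
}

# stdin: "core show channels" output. Prints the active channel count;
# returns non-zero if the summary line is missing.
active_channels() {
    awk '/ active channels?$/ { print $1; ok = 1 } END { exit !ok }'
}

# $1 = UDP sockets, $2 = active channels. Prints a verdict line and
# returns 1 when the socket count exceeds the budget.
leak_verdict() {
    budget=$((BASE + PER_CHAN * $2))
    if [ "$1" -gt "$budget" ]; then
        echo "LEAK udp=$1 channels=$2 budget=$budget"
        return 1
    fi
    echo "OK udp=$1 channels=$2 budget=$budget"
}

# Constructed sample input: $1 lsof-style UDP socket lines.
sample_lsof() {
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "asterisk 5132 asterisk ${i}u IPv4 9000$i 0t0 UDP *:$((10000 + i))"
        i=$((i + 1))
    done
}

# Constructed sample: summary lines in the format shown in the report.
sample_channels() {
    printf '%s\n' '4 active channels' '3 active calls' '171 calls processed'
}

udp=$(sample_lsof 121 | count_udp_sockets)
chans=$(sample_channels | active_channels)
leak_verdict "$udp" "$chans" || true
```

On a live system, pipe `lsof -nP -a -p "$(cat /var/run/asterisk/asterisk.pid)" -iUDP` into `count_udp_sockets` and `asterisk -r -x "core show channels"` into `active_channels`, and run the check periodically so the growth is caught before descriptors run out.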
Daryl Lublink (dlublink) wrote :

In the upstream bug report, comment 0132258 (rgagnon, reporter, 2011-02-22 00:32, edited on 2011-02-22 00:53) indicates it could be exploited to run a DoS attack on an affected server.

summary: - Asterisk UDP socket leak
+ Asterisk UDP ports not freed/ports leaking [ upstream patch available ]
Daryl Lublink (dlublink) wrote :

Just a clarification to comment 2. The log snippet is what is seen when Asterisk is no longer able to function because of resource exhaustion.

Daryl Lublink (dlublink) wrote :

Looks like links to asterisk's mantis don't work anymore.

Changed in asterisk:
importance: Unknown → Undecided
status: Unknown → New
status: New → Fix Released
Daryl Lublink (dlublink) wrote :

Asterisk seems to have two ticket systems :

In addition to this bug report : https://issues.asterisk.org/view.php?id=17255

I also found this one : https://issues.asterisk.org/jira/browse/ASTERISK-16023

dino99 (9d9) wrote :

This version is now outdated and no longer supported.

Changed in asterisk (Ubuntu):
status: Confirmed → Invalid
tranadols (tramadols)
description: updated
This report contains Public Security information  
Everyone can see this security related information.
