CVE-2013-7426

Name of the Vulnerable Software and Affected Versions kamailio version 4.0.1

Description The issue is related to an insecure temporary file vulnerability. It also involves an unlimited file upload vulnerability of a dangerous type in the SIP server, which can be exploited by a remote attacker to upload or transfer untrusted files to the /tmp/kamailio fifo location.

Recommendations For kamailio version 4.0.1, consider restricting access to the /tmp/kamailio fifo directory to prevent exploitation. Additionally, as a temporary workaround, restrict the ability to upload files to this location until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.