Remote Crash Vulnerability in SIP Channel Driver

Asterisk Project Security Advisory - AST-2012-006

Product: Asterisk
Summary: Remote Crash Vulnerability in SIP Channel Driver
Nature of Advisory: Remote Crash
Susceptibility: Remote Authenticated Sessions
Severity: Moderate
Exploits Known: No
Reported On: April 16, 2012
Reported By: Thomas Arimont
Posted On: April 23, 2012
Last Updated On: April 23, 2012
Advisory Contact: Matt Jordan < mjordan AT digium DOT com >
CVE Name:
Description: A remotely exploitable crash vulnerability exists in the SIP channel driver if a SIP UPDATE request is processed within a particular window of…

Asterisk Users 3.3 years ago 0 Answers

Heap Buffer Overflow in Skinny Channel Driver

In the Skinny channel driver, KEYPAD_BUTTON_MESSAGE events are queued for processing in a buffer allocated on the heap, where each DTMF value that is received is placed on the end of the buffer. Since the length of the buffer is never checked, an attacker could send sufficient KEYPAD_BUTTON_MESSAGE events such that the buffer is overrun. The length of the buffer is now checked before appending a value to the end of the buffer.

Affected Versions (Product, Release Series):

  • Asterisk Open Source, 1.6.2.x: All Versions
  • Asterisk Open Source, 1.8.x: All Versions
  • Asterisk Open Source, 10.x: All Versions
Corrected In Product Release:

Asterisk Manager User Unauthorized Shell Access

A user of the Asterisk Manager Interface can bypass a security check and execute shell commands when they lack permission to do so. Under normal conditions, a user should only be able to run shell commands if that user has System class authorization. Users could bypass this restriction by using the MixMonitor application with the originate action or by using either the GetVar or Status manager actions in combination with the SHELL and EVAL functions. The patch adds checks in each affected action to verify if a user has System class authorization. If the user does not have those authorizations, Asterisk rejects the action if it detects the use of any…

VoIP News 3.3 years ago 0 Answers

HELP!! Caller ID "unknown" for all inbound call (Satria Anamarta)

Hi Anam,
It seems it should work, but I just have a question about chan_dahdi.conf regarding the parameter
rxwink=300 ; Atlas seems to use long (250ms) winks
By the way, gain parameters shouldn't have any effect on CID signal processing. How about commenting them out and testing again? If it still doesn't work, try connecting a parallel phone with Asterisk; it will check whether it could be a hardware problem or a configuration parameter setting. Good luck
Mc GRATH Ricardo
E-Mail mcgrathr@mail2web.com

Asterisk Users 3.3 years ago 1 Answer

meetme identify user number

Hi Group,
is there any option in MeetMe to identify one's own number (from the view of a caller)? I would like to write an option to set on the telephone a request for voice, if the room is muted. That request should be displayed on our Conference Control Website and an Admin should unmute this person. Thanks for help.
Daniel

Asterisk Users 3.3 years ago 0 Answers

HELP!! Caller ID "unknown" for all inbound call

This is a very strange problem (at least for me). I just realized that starting from April 20th 2012 every inbound call is from "unknown". Prior to that, Asterisk successfully displayed the caller's ID for SOME of the calls (30-50% success rate). I am using PBX | monitoring menu to see this report. As far as I remember, I didn't modify any settings related to caller ID, but a few days ago (I don't remember the exact date), I modified the rxgain and txgain values in chan_dahdi.conf.
The inbound caller ID doesn't display…

Asterisk Users 3.3 years ago 6 Answers

DAHDI 2.6.1 - What does the "Build OSLEC EC if in the tree" feature mean?

Hi, the DAHDI 2.6.1 changelog includes this:

README, drivers/dahdi/Kbuild: Build OSLEC EC if in the tree

Build the OSLEC echo canceller (drivers/staging/echo and dahdi_echocan_oslec) if the code of oslec is present in the tree. Also closing another issue regarding documentation of building OSLEC, as it is now even clearer than before. Patch has been used in the Debian package for quite some time.

Signed-off-by: Tzafrir Cohen
(closes issue DAHLIN-110)
Reported by: biohumanoid (Pavel Selivanov)
Patches: oslec_auto.diff uploaded by tzafrir (license 5035)
(closes issue DAHLIN-261)
Origin:

Asterisk Users 3.3 years ago 1 Answer

Open source speech recognition engine?

Dear all, I am looking for an open source speech recognition engine for a hobby project. There used to be a Sphinx interface for the generic speech API (http://scribblej.com/svn/) but it does not compile on Asterisk versions later than 1.6.x. Could anybody direct me on how to update this code, or should I simply change to the AGI script approach? Best regards,

Asterisk Users 3.3 years ago 1 Answer

No extension found ?

Hi, I have a small problem with incoming calls. I have a peer actually configured for outcall:

sip.conf:

[Trunk-Telco]
type=peer
host=domaineofmysupplier.net
outboundproxy=domaineofmysupplier.net
session-timers=originate
session-expires=7200
qualify=yes
dtmf=rfc2833
nat=no
canreinvite=no
canredirect=yes
dtmfmode=rfc2833
disallow=all
allow=alaw
insecure=port,invite
context=incoming

This SIP account works for outgoing calls. When I want to receive a call from this supplier, I have an "extension not found".

In extensions.conf for incoming:

[incoming]
exten => _X.,1,Dial(IAX2/VoIP/${EXTEN},180,rt)

In "dialplan show incoming", no problems, I see the dialplan. When I call, I have: < ---…

Asterisk Users 3.3 years ago 5 Answers

Asterisk Directmedia

What is directmedia?

"directmedia" is the new configuration option name for "canreinvite"; they are the same feature.

To put it simply, it is the process where Asterisk tries to redirect the RTP media stream to go directly from the caller to the callee. Be aware that some devices do not support this (especially if one of them is behind a NAT). The default setting is YES, for example in the SIP protocol configuration file sip.conf.…

Asterisk Tips 3.3 years ago 0 Answers