* You are viewing the archive for July 5th, 2012

FreePBX: How To Hangup If The Caller Did Not Press # After The Voicemail Message

Dears;

In FreePBX, when I select voicemail for the extension, and if the caller sent for the voicemail, and he leaved (or did not leave) a voice message, and did not press #, so the channel will stay open and this is not good specially if the call was coming from outside via the analoge lines (because the caller might hangup and the dahdi does not detect the hangup, so the channel will stay openned).

How to let the voicemail hangup automatically after waiting for certain seconds (for example after 30 or 40 second), then to hangup or jump for the next line to run it?

What is the parameter or the setting field in the freepbx that can resolve this (the voice mail message to be maximum for 30 or 40 second, after that to hangup even without pressing #). From where?

Regards
Bilal

FreePBX: Using Context Other Than The Default Context And The Generation For The Configuration

Hi All;

If I set a context other than the default context, then I do not see a generation for a configuration in the extensions_additional.conf for this context, but always the generation for the configuration is for the default context (from-internal).

Normally, I have to put some Phones in a context and another Phones in a context, and give each context a privilages, but if I do this, then I have to write the configuration in my hand and it will not be autogeneration, correct?

In this case, the Phone will not have any of the features that I am going to add it in the GUI because these features will be in the default context which is not included (unless I add it manually) in the context that I will set it.

Also, if I set the context and I write manually the configuration for this context, I do not think that I will have CDR (because to have CDR, I have to use some configuration to log in the database and becoming able to see it in the CDR).

Again, if I used the default context, then it is good that all the stations to have the same context and same previlages .. so it is not a practical way.

So, what is the solution for this?

As I see the only benifit of the Freepbx (the GUI), is to generate the configuration that I can use it when I am writing the manual configuration (by including it and so on). In this case, I am afraid that things will become maybe more complex :) !! Any advise for this?

Regards
Bilal

Sip And Extensions

I am new. Here is the code that I am playing with on CentOS 6.x

When I dial the number that corresponds w/ my SIP account I get a recording: “reached a non-working number……..”

I built Asterisk a few times last year and am now back working on a similar project. In my view, there is something wrong in sip.conf
I don’t remember using a file that long to get a basic call set up. The format was provided to me by voipvoip.com (the SIP provider).

Does anyone have any comments please? I just want a very simple config to get my machine to recognize a call to the SIP provider.

Here is results of sip show registry:

Host dnsmgr Username Refresh
State Reg.Time sip3.voipvoip.com:5060 N 5552530146 285
Registered Thu, 05 Jul 2012 21:39:56
1 SIP registrations.

Here is sip and extensions.conf

sip.conf

[general]
register => 5552530146:funnytiger123@sip3.voipvoip.com
;

[sip3.voipvoip.com]

[outgoing]
usernameU52530146
type=peer qualify=yes secret=fnnytiger123
nat=ato insecure=very hosti.90.209.57
fromuserU52530146
fromdomaini.90.209.57
dtmfmode=rfc2833
allow=g729
allow=ilbc allow=ulaw allow=aaw disallow=al srvlookup=no

[incoming]
usernameU52530146
type=user secret=fnnytiger123
nat=ato insecure=very hosti.90.209.57
fromdomaini.90.209.57
dtmfmode=rfc2833
context=incoming allow=g729
allow=ulaw allow=aaw allow=ilbc disallow=al srvlookup=no



extensions.conf

[general]

;
;
[incoming]
;first creating extensions for your local users exten=> s,1,Dial(SIP/17037175555)
exten=> s,2,Hangup()

AST-2012-011: Remote Crash Vulnerability In Voice Mail Application

If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash.

Management of the memory in question has been reworked so that double frees and out of bounds array access do not occur. Upgrade to the latest release.

Affected Versions

  • Product Release Series
  • Asterisk Open Source 1.8.x 1.8.11 and newer
  • Asterisk Open Source 10.x 10.3 and newer
  • Certified Asterisk 1.8.11-certx All versions
  • Asterisk Digiumphones 10.x.x-digiumphones All versions

Corrected In

  • Product Release
  • Asterisk Open Source 1.8.13.1, 10.5.2
  • Certified Asterisk 1.8.11-cert4
  • Asterisk Digiumphones 10.5.2-digiumphones

AST-2012-010: Possible Resource Leak On Uncompleted Re-invite Transactions

Asterisk Project Security Advisory – AST-2012-010

Product Asterisk
Summary Possible resource leak on uncompleted re-invite
transactions
Nature of Advisory Denial of Service
Susceptibility Remote authenticated sessions
Severity Minor
Exploits Known No
Reported On June 13, 2012
Reported By Steve Davies
Posted On July 5, 2012
Last Updated On July 5, 2012
Advisory Contact Terry Wilson
CVE Name TBD

Description If Asterisk sends a re-invite and an endpoint responds to
the re-invite with a provisional response but never sends a
final response, then the SIP dialog structure is never
freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could
create a denial of service by using all available RTP
ports.

Resolution A re-invite that receives a provisional response without a
final response is detected and properly cleaned up at
hangup.

Affected Versions
Product Release Series
Asterisk Open Source 1.8.x All versions
Asterisk Open Source 10.x All versions
Asterisk Business Edition C.3.x All versions
Certified Asterisk 1.8.11-certx All versions
Asterisk Digiumphones 10.x.x-digiumphones All versions

Corrected In
Product Release
Asterisk Open Source 1.8.13.1, 10.5.2
Asterisk Business Edition C.3.7.5
Certified Asterisk 1.8.11-cert4
Asterisk Digiumphones 10.5.2-digiumphones

Patches
URL Revision
http://downloads.asterisk.org/pub/security/AST-2012-010-1.8.diff Asterisk
1.8
http://downloads.asterisk.org/pub/security/AST-2012-010-10.diff Asterisk
10

Links https://issues.asterisk.org/jira/browse/ASTERISK-19992

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security

This document may be superseded by later versions; if so, the latest
version will be posted at
http://downloads.digium.com/pub/security/AST-2012-010.pdf and
http://downloads.digium.com/pub/security/AST-2012-010.html

Revision History
Date Editor Revisions Made
06/27/2012 Terry Wilson Initial Release

Asterisk Project Security Advisory – AST-2012-010
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.

Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, 10.5.2-digiumphones Now Available (Security Release)

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.

These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones resolve the following two issues:

* If Asterisk sends a re-invite and an endpoint responds to the re-invite with
a provisional response but never sends a final response, then the SIP dialog
structure is never freed and the RTP ports for the call are never released. If
an attacker has the ability to place a call, they could create a denial of
service by using all available RTP ports.

* If a single voicemail account is manipulated by two parties simultaneously,
a condition can occur where memory is freed twice causing a crash.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read security advisories AST-2012-010 and AST-2012-011, which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-011.pdf

Thank you for your continued support of Asterisk!