Skinny Channel Driver Remote Crash Vulnerability

A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer. Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the "Off Hook" call state and…

VoIP News 3.3 years ago 0 Answers

Asterisk 10.5.1 Now Available (Security Release)

The Asterisk Development Team has announced a security release for Asterisk 10.
This security release is released as version 10.5.1.

The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 10.5.1 resolves the following issue:

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client sends an Off Hook message, followed by
a Key Pad Button Message, a structure that was previously set to NULL is
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server,…

Asterisk Users 3.3 years ago 0 Answers

SCCP Questions

Hi List,

Has anyone been running SCCP with a larger number of phones? I'm looking to
deploy like 75+ phones and I want to keep SCCP so I don't have to upgrade
them and for the SLA; some phones also have no SIP software for them, so I'm
forced to keep SCCP. Does anyone have any experience with this? From what
I've read, the SCCP support works and works well; I'm just worried about
trying to run this many phones and whether I'm missing any sort of issues that
could come up.

Thanks!

Asterisk Users 3.3 years ago 4 Answers

Certified Asterisk 1.8.11-cert2; Asterisk 1.8.12.1, 10.4.1 Now Available (Security Release)

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
two issues:

* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name,…

Asterisk Users 3.3 years ago 0 Answers

How to stop ringing when incoming PSTN call is answered externally?

This is a hard one to explain. My home PSTN line is connected via an Openvox A400P card to my Asterisk 1.6.2.23 box which then routes incoming calls to my 2 SCCP extensions. The calls are routed just fine, but when a call is answered at one of the extensions or externally (by a home telephone) the asterisk extensions continue to ring one more time. Is there a way to have Asterisk drop an incoming PSTN call as soon as it's answered?

CLI output when receiving a PSTN call:
Starting simple switch on 'DAHDI/3-1'

Asterisk Users 3.5 years ago 2 Answers

asterisk + sccp-b problem

Dear,
With Asterisk 1.6.2.18 and sccp-bv3stable on two servers, we tried to
register about 1200 Cisco phones for a company.
Outside official hours, all 1200 phones registered and the CPU and RAM were
below 5%. H323 is the protocol for incoming calls, and SIP for outgoing ones.
In official hours, with only 10 calls, the CPU went to more than 100% and
crashed.
The bt full result of gdb was attached. I have some questions now:
1- Is there any problem in the attached report?
2- Is Asterisk 1.4 more stable than 1.6…

Asterisk Users 4.1 years ago 1 Answer

Jabber / GTalk / hints


On 04/17/2011 02:28 AM, Stefan Gofferje wrote:
> Hi!
>
> Are hints not yet implemented in res_jabber?
> I have this here:
>
> exten => 3000,hint,gtalk/gtalk_account/mari.xxxxxxx@gmail.com
>
> But the hint doesn't show any difference. It always shows online on the
> phone and core show hints always shows that:
>
> 6003@internal : SCCP/6003 State:Unavailable Watchers 0
> 6002@internal : SCCP/6002 State:Idle Watchers 0
> 6001@internal : SCCP/6001 State:Idle Watchers 0
> 6000@internal : SCCP/6000 State:Idle Watchers 0
> 6004@internal…

Asterisk Users 4.4 years ago 0 Answers

Asterisk port 5000 open

Hi,

I have been trying to find out what module is causing Asterisk to open port
5000. I have already disabled some (sccp, mgcp, iax and other modules) since I
only want the SIP port opened.

/etc/asterisk# netstat -aln --programs | grep asterisk
tcp 0 X.X.X.X:5060 0.0.0.0:* LISTEN 22523/asterisk
udp 0 X.X.X.X:5000 0.0.0.0:* 22523/asterisk
udp 0 X.X.X.X:5060 0.0.0.0:* 22523/asterisk

I have port 5000 blocked with iptables, but would like to better understand
what it is for. Not sure if there's a list of known ports used by…

Asterisk Users 4.4 years ago 1 Answer