* You are viewing Posts Tagged ‘sccp’

Trunk SCCP

Hi all.

I compiled the module chan_sccp, now its possible deploy trunk SCCP with Callmanager? Anyone?

Regards

Skinny Channel Driver Remote Crash Vulnerability

A previously developed patch dealt with a denial of service attack exploitable in the Skinny channel driver that occurred when certain messages are sent after a previously registered station sends an Off Hook message. Unresolved in that patch is an issue in the Asterisk 10 releases, wherein, if a Station Key Pad Button Message is processed after an Off Hook message, the channel driver will inappropriately dereference a Null pointer.

Similar to the problem solved with the previous patch, a remote attacker with a valid SCCP ID can use this vulnerability by closing a connection to the Asterisk server when a station is in the “Off Hook” call state and crash the server.

Now the presence of a device for a line is checked in the appropriate channel callbacks, preventing the crash.

you can download the latest Asterisk packages in the download section, as usual.

Stay tunned for more security updates.

Asterisk 10.5.1 Now Available (Security Release)

The Asterisk Development Team has announced a security release for Asterisk 10.
This security release is released as version 10.5.1.

The release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 10.5.1 resolves the following issue:

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client sends an Off Hook message, followed by
a Key Pad Button Message, a structure that was previously set to NULL is
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.

This issue and its resolution is described in the security advisory.

For more information about the details of this vulnerability, please read
security advisory AST-2012-009, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2012-009.pdf

Thank you for your continued support of Asterisk!

SCCP Questions

Hi List,

Has anyone been running SCCP with a larger number of phones? Im looking to
deploy like 75+ phones and I want to keep SCCP so I don’t have to upgrade
them and for the SLA, some phones also have no SIP software for them so im
forced to keep SCCP. Does anyone have any experience with this? From what
ive read the SCCP support works and works well, im just worried about
trying to run this many phones and if im missing any sort of issues that
could come up.

Thanks!

Certified Asterisk 1.8.11-cert2; Asterisk 1.8.12.1, 10.4.1 Now Available (Security Release)

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert2, 1.8.12.1, and 10.4.1.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve the following
two issues:

* A remotely exploitable crash vulnerability exists in the IAX2 channel
driver if an established call is placed on hold without a suggested music
class. Asterisk will attempt to use an invalid pointer to the music
on hold class name, potentially causing a crash.

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
Channel driver. When an SCCP client closes its connection to the server,
a pointer in a structure is set to NULL. If the client was not in the
on-hook state at the time the connection was closed, this pointer is later
dereferenced. This allows remote authenticated connections the ability to
cause a crash in the server, denying services to legitimate users.

These issues and their resolution are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-007 and AST-2012-008, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf

Thank you for your continued support of Asterisk!

How to stop ringing when incoming PSTN call is answered externally?

This is a hard one to explain. My home PSTN line is connected via an Openvox A400P card to my Asterisk 1.6.2.23 box which then routes incoming calls to my 2 SCCP extensions.

The calls are routed just fine, but when a call is answered at one of the extensions or externally (by a home telephone) the asterisk extensions continue to ring one more time. Is there a way to have Asterisk drop an incoming PSTN call as soon as it’s answered?

CLI output when receiving a PSTN call: Starting simple switch on ‘DAHDI/3-1′