[asterisk-biz] Recent REMOTE CRASH BUG

Matteo Brancaleoni mbrancaleoni at espia.it
Sat Mar 3 11:12:00 MST 2007


Hi,

On Fri, 2007-03-02 at 19:24 -0500, Mike Lynchfield wrote:
> news update seems they release .16 to fix.. not sure details  got
> banned on irc for showing the video of it in action..

Got banned for that?
That's a pretty bad behaviour....

So what about this :
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011789.html
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011788.html
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011786.html

Finding a way to exploit this bug is pretty trivial if you look at the
patch....

hiding bug tracker & banning from irc is something too much...

also because a good programmer can findout with a diff
between 1.2.15 and 1.2.16 where the hole is...

so ihmo is better to show up the problem in order to urge
people to upgrade.

just my 2c

greetings,
Matteo.





More information about the asterisk-biz mailing list