[asterisk-biz] Recent REMOTE CRASH BUG
Matteo Brancaleoni
mbrancaleoni at espia.it
Sat Mar 3 11:12:00 MST 2007
Hi,
On Fri, 2007-03-02 at 19:24 -0500, Mike Lynchfield wrote:
> news update seems they release .16 to fix.. not sure details got
> banned on irc for showing the video of it in action..
Got banned for that?
That's a pretty bad behaviour....
So what about this :
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011789.html
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011788.html
http://lists.digium.com/pipermail/asterisk-commits/2007-March/011786.html
Finding a way to exploit this bug is pretty trivial if you look at the
patch....
hiding bug tracker & banning from irc is something too much...
also because a good programmer can findout with a diff
between 1.2.15 and 1.2.16 where the hole is...
so ihmo is better to show up the problem in order to urge
people to upgrade.
just my 2c
greetings,
Matteo.
More information about the asterisk-biz
mailing list