No subject
Sun Jul 19 19:54:31 CDT 2009
If someone installs Asterisk, allowtransfer=yes is the default. Now if
someone calls an IVR or a fax number (which are usually always up and can
answer the call) and as the IVR or the fax machine answers the call, and
now the caller presses TRANSFER (DTMF) on his phone, he can make a call in
the name of the callee, having the possibility to generate calls with
duration of thousands of minutes within a few hours. I AM NOT SURE IF I CAN
UNDERSTAND CLEARLY IF THIS IS A BUG IN ASTERISK. If yes, this is an
extremely dangerous problem in general and all Asterisk users should be
warned who use Asterisk in a cost sensible environment.
Issue History
Date Modified Username Field Change
======================================================================
2010-03-15 11:34 kovzol Note Added: 0119389
======================================================================
More information about the asterisk-bugs
mailing list