[asterisk-bugs] [Asterisk 0016091]: Security Problem
Asterisk Bug Tracker
noreply at bugs.digium.com
Sun Oct 18 14:56:55 CDT 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=16091
======================================================================
Reported By: thom4fun
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 16091
Category: Channels/chan_sip/General
Reproducibility: always
Severity: major
Priority: normal
Status: new
Asterisk Version: 1.6.1.6
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-10-18 03:22 CDT
Last Modified: 2009-10-18 14:56 CDT
======================================================================
Summary: Security Problem
Description:
We use Asterisk 1.6.1.6.
It seems that Asterisk will ignore the deny and permit values.
I have a try just like in 1.4.... where it works fine, but if I use the
values:
deny=0.0.0.0/0.0.0.0
permit=192.168.30.10
the call will be executed from everywhere.
Also I try the insecure option but I do not find a reason to give some
special clients the possibility to make an invite without authentication.
It looks like: Everybody or Nobody!
Also we try to use these options in the file sip.conf and PGSQL database.
Are there some hints to get deny/permit to work?
Regards
Thomas
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0000755 permit/deny not parsing mask
======================================================================
----------------------------------------------------------------------
(0112397) ebroad (manager) - 2009-10-18 14:56
https://issues.asterisk.org/view.php?id=16091#c112397
----------------------------------------------------------------------
Try adding a /255.255.255.255 after the single IP, if that doesn't work,
try contactpermit/contactdeny.
Issue History
Date Modified Username Field Change
======================================================================
2009-10-18 14:56 ebroad Note Added: 0112397
======================================================================
More information about the asterisk-bugs
mailing list