[asterisk-bugs] [Asterisk 0016091]: Security Problem
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Oct 19 03:17:09 CDT 2009
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=16091
======================================================================
Reported By: thom4fun
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 16091
Category: Channels/chan_sip/General
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
Asterisk Version: 1.6.1.6
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-10-18 03:22 CDT
Last Modified: 2009-10-19 03:17 CDT
======================================================================
Summary: Security Problem
Description:
We use Asterisk 1.6.1.6.
It seems that Asterisk will ignore the deny and permit values.
I tried it just like in 1.4.... where it works fine, but if I use the
values:
deny=0.0.0.0/0.0.0.0
permit=192.168.30.10
the call will be executed from everywhere.
I also tried the insecure option, but I do not find a reason to give some
special clients the possibility to make an invite without authentication.
It looks like: Everybody or Nobody!
We also tried to use these options in the file sip.conf and in the PGSQL database.
Are there some hints to get deny/permit to work?
Regards
Thomas
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0000755 permit/deny not parsing mask
======================================================================
----------------------------------------------------------------------
(0112404) thom4fun (reporter) - 2009-10-19 03:17
https://issues.asterisk.org/view.php?id=16091#c112404
----------------------------------------------------------------------
Hello ebroad,
thanks for the answer.
Now I have a new user in sip.conf:
[12345]
type=friend
context=athineou
secret=333
host=dynamic
deny=0.0.0.0/0.0.0.0
permit=192.168.99.60/255.255.255.255
contactdeny=0.0.0.0/0.0.0.0
contactpermit=192.168.99.60/255.255.255.255
Now I cannot register the client, but the client can dial and execute
the dialplan. Also: changes to deny and permit affect the register
command but not the dial command, and the changes take effect only after
a restart, not after reload or sip reload.
Any further suggestions?
Regards
Thomas
Issue History
Date Modified Username Field Change
======================================================================
2009-10-19 03:17 thom4fun Note Added: 0112404
======================================================================