[asterisk-bugs] [Asterisk 0016091]: Security Problem

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Oct 19 12:24:26 CDT 2009 

A NOTE has been added to this issue. 
====================================================================== 
https://issues.asterisk.org/view.php?id=16091 
====================================================================== 
Reported By:                thom4fun
Assigned To:                
====================================================================== 
Project:                    Asterisk
Issue ID:                   16091
Category:                   Channels/chan_sip/General
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     confirmed
Asterisk Version:           1.6.1.6 
JIRA:                        
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
====================================================================== 
Date Submitted:             2009-10-18 03:22 CDT
Last Modified:              2009-10-19 12:24 CDT
====================================================================== 
Summary:                    Security Problem
Description: 
We use Asterisk 1.6.1.6.

It seems that Asterisk will ignore the deny and permit values.
I have a try just like in 1.4.... where it works fine, but if I use the
values:
deny=0.0.0.0/0.0.0.0
permit=192.168.30.10
the call will be executed from everywhere.

Also I try the insecure option but I do not find a reason to give some
special clients the possibility to make an invite without authentication.
It looks like: Everybody or Nobody!

Also we try to use these options in the file sip.conf and PGSQL database.

Are there some hints to get deny/permit to work?

Regards
Thomas

======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0000755 permit/deny not parsing mask
====================================================================== 

---------------------------------------------------------------------- 
 (0112425) thom4fun (reporter) - 2009-10-19 12:24
 https://issues.asterisk.org/view.php?id=16091#c112425 
---------------------------------------------------------------------- 
Hello ebroad,

please excuse my english, but what does it mean to confirm it?
Is there somebody where it can patch?
Or will it be repared in the next version?

Regards and greetings from greece
Thomas 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2009-10-19 12:24 thom4fun       Note Added: 0112425                          
======================================================================

More information about the asterisk-bugs mailing list