[asterisk-dev] Dialstring injection - security advisory release?

Matt Riddell lists at venturevoip.com
Thu Feb 11 15:47:07 CST 2010


On 12/02/10 10:35 AM, Tilghman Lesher wrote:
>> If it was a feature, surely it would be suggested that the one line
>> change, defaulting to on in asterisk.conf would be preferred.
>
> But it's not a feature, nor is it a bug in the dialplan.  Rather, it's a bug
> in certain people's dialplans, which should be fixed.  Hence, educating
> people about the potential is the right way forward.

Oh well, few days of pretty intense work coming up to fix a bit under a 
hundred Asterisk boxes :)

Maybe it makes sense for me to just write a patch I maintain out of tree.

-- 
Cheers,

Matt Riddell
Managing Director
_______________________________________________

http://www.venturevoip.com/news.php (Daily Asterisk News)
http://www.venturevoip.com/exchange.php (Full ITSP Solution)
http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)


