[asterisk-dev] Dialstring injection - security advisory release?

Chris Mylonas chris at opencsta.org
Thu Feb 11 16:10:15 CST 2010


I think this has gone a bit over the top.
Simply put, just before a Dial application, put the FILTER function - no?





On Fri, Feb 12, 2010 at 8:47 AM, Matt Riddell <lists at venturevoip.com> wrote:

> On 12/02/10 10:35 AM, Tilghman Lesher wrote:
> >> If it was a feature, surely it would be suggested that the one line
> >> change, defaulting to on in asterisk.conf would be preferred.
> >
> > But it's not a feature, nor is it a bug in the dialplan.  Rather, it's a
> > bug in certain people's dialplans, which should be fixed.  Hence, educating
> > people about the potential is the right way forward.
>
> Oh well, few days of pretty intense work coming up to fix a bit under a
> hundred Asterisk boxes :)
>
> Maybe it makes sense for me to just write a patch I maintain out of tree.
>
> --
> Cheers,
>
> Matt Riddell
> Managing Director
> _______________________________________________
>
> http://www.venturevoip.com/news.php (Daily Asterisk News)
> http://www.venturevoip.com/exchange.php (Full ITSP Solution)
> http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
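An added example, not part of the original message or of the Asterisk project's code: a small audit script for the situation discussed in this thread, where many boxes need checking for Dial() calls that receive ${EXTEN} without FILTER. The sample dialplan and context names are constructed, and the check is a heuristic that only looks at ${EXTEN} passed directly to Dial(), not at variables derived from it.

```python
import re

# Constructed sample dialplan (not from the thread). The first context hands
# ${EXTEN} straight to Dial(); the other two restrict it to digits with FILTER.
SAMPLE_DIALPLAN = """\
[from-users-weak]
exten => _X.,1,Dial(SIP/${EXTEN})

[from-users-filtered]
exten => _X.,1,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})
exten => _X.,n,Dial(SIP/${SAFE_EXTEN})

[inline-filter]
exten => _X.,1,Dial(SIP/${FILTER(0-9,${EXTEN})})
"""

CONTEXT_RE = re.compile(r"^\[([^\]]+)\]")
DIAL_RE = re.compile(r"\bDial\((.*)\)\s*$", re.IGNORECASE)
# ${FILTER(<allowed-chars>,${EXTEN})}, also with an offset such as ${EXTEN:1}
FILTERED_RE = re.compile(r"\$\{FILTER\([^,]+,\$\{EXTEN(?::[^}]*)?\}\)\}")
RAW_EXTEN_RE = re.compile(r"\$\{EXTEN(?::[^}]*)?\}")


def audit_dialplan(text):
    """Return (context, line_no, line) for Dial() calls using unfiltered ${EXTEN}."""
    findings = []
    context = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Naive comment stripping: everything after ';' is dropped.
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        ctx = CONTEXT_RE.match(line)
        if ctx:
            context = ctx.group(1)
            continue
        dial = DIAL_RE.search(line)
        if not dial:
            continue
        # Remove FILTER-wrapped uses, then see whether a raw ${EXTEN} remains.
        remaining = FILTERED_RE.sub("", dial.group(1))
        if RAW_EXTEN_RE.search(remaining):
            findings.append((context, line_no, line))
    return findings


if __name__ == "__main__":
    for context, line_no, line in audit_dialplan(SAMPLE_DIALPLAN):
        print(f"[{context}] line {line_no}: unfiltered ${{EXTEN}} in: {line}")
```

Run against a real extensions.conf by passing the file's contents to audit_dialplan(); each finding is a line where FILTER should be applied before the Dial application.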