[asterisk-dev] Dialstring injection - security advisory release?

Benny Amorsen benny+usenet at amorsen.dk
Thu Feb 25 04:22:43 CST 2010

Previous message: [asterisk-dev] Dialstring injection - security advisory release?
Next message: [asterisk-dev] Dialstring injection - security advisory release?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Atis Lezdins <atis at iq-labs.net> writes:

> Isn't the problem solved by using exact dialplan patterns only
> allowing numbers or alpha-numeric characters? I have all calls going
> through strict mask pattern, for example:
>
> _XXXXX => internal calls
> _18XXXXXXXXX => toll free calls

Many countries have variable-length numbers.


/Benny

Previous message: [asterisk-dev] Dialstring injection - security advisory release?
Next message: [asterisk-dev] Dialstring injection - security advisory release?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the asterisk-dev mailing list