[asterisk-dev] Dialstring injection - security advisory release?
Jon Bonilla (Manwe)
manwe at aholab.ehu.es
Thu Feb 25 07:56:22 CST 2010
El Thu, 25 Feb 2010 07:54:08 -0600
Tilghman Lesher <tlesher at digium.com> escribió:
> However, there IS another limit that potential attackers face: extensions
> have a maximum limit of 79 characters (excluding NULL terminator). If you ran
> enough prefix characters (about 70 or so), an attacker would not have enough
> space to append the target string.
>
lol!
More information about the asterisk-dev
mailing list