Please also note that in my testing of the exploit:<br><br>_X. with Dial(<tech>/${EXTEN}) is the potential exploit.<br>_1X. is not<br>_2X. is not<br>_3X. is not<br>..<br>..<br>_9X. is not<br>_0X. is not<br><br><br>
It's only the _X. pattern. (I have not tested _ZX.)<br><br><br>Please don't rely on this alone. Test it yourself and confirm/knock-down this.<br><br><span style="font-family: courier new,monospace;">[test-exploit2]<br>
exten = _X.,1,NoOp(################ TEST THAT THREAT)<br>exten = _X.,n,NoOp(################ TEST THAT THREAT)<br>exten = _X.,n,NoOp(################ TEST THAT THREAT)<br>
exten = _X.,n,NoOp(################ TEST THAT THREAT)<br>exten = _X.,n,NoOp(################ EXTEN: ${EXTEN})<br>exten = _X.,n,Dial(SIP/${EXTEN})<br>exten = _X.,n,Hangup</span><br><br><span style="font-family: courier new,monospace;">[test-exploit3]<br>
exten = _1X.,1,NoOp(################ TEST THAT THREAT)<br>exten = _1X.,n,NoOp(################ TEST THAT THREAT)<br>exten = _1X.,n,NoOp(################ TEST THAT THREAT)<br>
exten = _1X.,n,NoOp(################ TEST THAT THREAT)<br>exten = _1X.,n,NoOp(################ EXTEN: ${EXTEN})<br>exten = _1X.,n,Dial(SIP/${EXTEN})<br>exten = _1X.,n,Hangup</span><br><br><span style="font-family: courier new,monospace;">[test-exploit4]<br>
exten = _ZX.,1,NoOp(################ TEST THAT THREAT)<br>exten = _ZX.,n,NoOp(################ TEST THAT THREAT)<br>exten = _ZX.,n,NoOp(################ TEST THAT THREAT)<br>
exten = _ZX.,n,NoOp(################ TEST THAT THREAT)<br>exten = _ZX.,n,NoOp(################ EXTEN: ${EXTEN})<br>exten = _ZX.,n,Dial(SIP/${EXTEN})<br>exten = _ZX.,n,Hangup</span><br><br><br><br>Cheers<br>Chris<br><br><div class="gmail_quote">
On Thu, Feb 25, 2010 at 9:22 PM, Benny Amorsen <span dir="ltr"><<a href="mailto:benny%2Busenet@amorsen.dk">benny+usenet@amorsen.dk</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">Atis Lezdins <<a href="mailto:atis@iq-labs.net">atis@iq-labs.net</a>> writes:<br>
<br>
> Isn't the problem solved by using exact dialplan patterns only<br>
> allowing numbers or alpha-numeric characters? I have all calls going<br>
> through strict mask pattern, for example:<br>
><br>
> _XXXXX => internal calls<br>
> _18XXXXXXXXX => toll free calls<br>
<br>
</div>Many countries have variable-length numbers.<br>
<font color="#888888"><br>
<br>
/Benny<br>
</font><div><div></div><div class="h5"><br>
<br>
--<br>
_____________________________________________________________________<br>
-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</div></div></blockquote></div><br>
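The test contexts above all hand <code>${EXTEN}</code> straight to <code>Dial()</code> under a pattern that ends in the <code>.</code> wildcard. As an added example (not from the mail, and not Asterisk's own code), here is a small Python checker that flags that shape in an <code>extensions.conf</code> fragment, plus a digit-only sanitizer mirroring Asterisk's <code>FILTER(0-9,...)</code> dialplan function. It flags every open-ended pattern (<code>.</code> or <code>!</code>), not only <code>_X.</code>, since the mail asks readers to test rather than rely on the <code>_X.</code>-only finding; the sample config and its <code>[hardened]</code> context are constructed for this example.

```python
import re

# Constructed sample extensions.conf, modelled on the test contexts in the mail
# plus a [hardened] context (an assumption, not from the original message).
SAMPLE_DIALPLAN = """\
[test-exploit2]
exten = _X.,1,NoOp(################ EXTEN: ${EXTEN})
exten = _X.,n,Dial(SIP/${EXTEN})
exten = _X.,n,Hangup

[test-exploit3]
exten = _1X.,1,Dial(SIP/${EXTEN})

[hardened]
exten = _X.,1,Set(SAFE_EXTEN=${FILTER(0-9,${EXTEN})})
exten = _X.,n,Dial(SIP/${SAFE_EXTEN})
exten = _XXXXX,1,Dial(SIP/${EXTEN})
"""

# exten = <pattern>,<priority>,<App>(<args>)   (also accepts the "=>" form)
EXTEN_LINE = re.compile(
    r"^exten\s*=>?\s*(?P<pat>[^,]+),(?P<prio>[^,]+),(?P<app>\w+)\((?P<args>.*)\)$"
)
CONTEXT_LINE = re.compile(r"^\[(?P<ctx>[^\]]+)\]$")


def pattern_is_open_ended(pattern):
    """True for Asterisk patterns ending in '.' (one or more of any character)
    or '!' (zero or more); both accept whatever the caller sent after the prefix."""
    return pattern.startswith("_") and pattern[-1] in ".!"


def find_unfiltered_dials(conf):
    """Return (context, pattern, line) for every Dial() whose arguments contain
    the raw ${EXTEN} variable under an open-ended pattern."""
    findings, context = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        ctx = CONTEXT_LINE.match(line)
        if ctx:
            context = ctx.group("ctx")
            continue
        m = EXTEN_LINE.match(line)
        if not m or m.group("app").lower() != "dial":
            continue
        pattern = m.group("pat").strip()
        if "${EXTEN" in m.group("args") and pattern_is_open_ended(pattern):
            findings.append((context, pattern, line))
    return findings


def filter_digits(exten):
    """Python equivalent of FILTER(0-9,${EXTEN}): keep only the digits."""
    return "".join(ch for ch in exten if ch.isdigit())
```

Run it over a real <code>extensions.conf</code> and each finding is a line to rewrite through <code>FILTER()</code> or a fixed-length pattern, as the <code>[hardened]</code> context shows.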