Yep. I was wrong - sorry to add extra noise to the discussion<br>Thanks,<br><br><br>Cheers<br>Chris<br><br><br><br><div class="gmail_quote">On Fri, Feb 26, 2010 at 12:54 AM, Tilghman Lesher <span dir="ltr"><<a href="mailto:tlesher@digium.com">tlesher@digium.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="im">On Thursday 25 February 2010 05:47:10 Chris Mylonas wrote:<br>
> Please also note that in my testing of the exploit:<br>
><br>
> _X. with Dial(<tech>/${EXTEN}) is the potential exploit.<br>
> _1X. is not<br>
> _2X. is not<br>
> _3X. is not<br>
> ..<br>
> ..<br>
> _9X. is not<br>
> _0X. is not<br>
<br>
</div>This is incorrect. All that additional prefixes require is that additional<br>
numbers be prefixed to the attack string.<br>
<br>
However, there IS another limit that potential attackers face: extensions<br>
have a maximum limit of 79 characters (excluding NULL terminator). If you ran<br>
enough prefix characters (about 70 or so), an attacker would not have enough<br>
space to append the target string.<br>
<font color="#888888"><br>
--<br>
Tilghman Lesher<br>
Digium, Inc. | Senior Software Developer<br>
twitter: Corydon76 | IRC: Corydon76-dig (Freenode)<br>
</font><div class="im">Check us out at: <a href="http://www.digium.com" target="_blank">www.digium.com</a> & <a href="http://www.asterisk.org" target="_blank">www.asterisk.org</a><br>
<br>
--<br>
_____________________________________________________________________<br>
</div><div><div></div><div class="h5">-- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com" target="_blank">http://www.api-digital.com</a> --<br>
<br>
asterisk-dev mailing list<br>
To UNSUBSCRIBE or update options visit:<br>
<a href="http://lists.digium.com/mailman/listinfo/asterisk-dev" target="_blank">http://lists.digium.com/mailman/listinfo/asterisk-dev</a><br>
</div></div></blockquote></div><br>