[Asterisk-Users] Asterisk Security vulnerability report
Olle E. Johansson
oej at edvina.net
Wed Sep 10 11:04:48 MST 2003
Tilghman Lesher wrote:
> On Wednesday 10 September 2003 10:51 am, Olle E. Johansson wrote:
>
>>Lubomir Christov wrote:
>>
>>>today I found this security report regarding Asterisk SIP
>>>Security.
>>>
>>>http://www.securiteam.com/securitynews/5LP0720B5G.html
>>
>>Important information. Why a "silent" patch and no information to
>>the mailing list? Security by obscurity :-(
>
>
> Probably because Mark doesn't have time to realize that somebody
> is going to publish a temporary vulnerability that he fixes in 5
> minutes. When someone points out a bug in my own programs, I'll
> go fix it, but I don't usually then publish a vulnerability page
> describing the problem: it's a bug, I fixed it, what's next?
I understand it from a programmer's view. But from the large user
base point of view - there's a lot of installations out there that
needs to be updated and they did not get the information that they
had to update. Not all want to CVS-update running systems to the
latest code.
The Asterisk community is growing. It's a large responsibility.
/O
More information about the asterisk-users
mailing list