[Asterisk-Users] H.323 ASN.1 Vulnerabilities: Request for "official" patch!

Adam Hart adam at teragen.com.au
Wed Mar 3 20:04:54 MST 2004


Sorry, didn't realise that you were the original person who asked, you 
should have referenced the original post saying it doesn't work and that 
changes are needed in ast_h323.cpp to enable people to use the new 
openh323. Saying asterisk has a security hole isn't really correct, it's 
openh323. Most asterisk people don't care about H.323 so you're at the 
mercy of the few that do. I'd suggest A) you ask nicely, B) make a $ 
bounty or C) work out the problem yourself.

Have fun,

    Adam

Jim Rosenberg wrote:

>> See the existing discussion on this
>
>
> Ditto.
>
> IT DOES NOT WORK. Compiles, but no calls go through. I asked you to 
> post your exact versions of all components, but I don't believe you 
> did this. I have not been able to get it to work with Asterisk 0.7.2. 
> Just because *YOU* got it to work on your particular system does not 
> mean the problem is solved.
>
> If there is a way to get it to work reliably:
>
> 1. Please post complete details
>
> 2. Someone update asterisk.org with correct information.
>
> I believe it is correct that there is no "official" response on this 
> from Asterisk to what many people consider a "critical" security issue. 
> "Read the archives" is nice, but really, the "default" Asterisk should 
> be fixed. And the fix needs to be tested on a variety of systems, too.
>
> I tried your exact version of pwlib, and have not been able to get a 
> *SINGLE* call to work.
>
>> See the existing discussion on this
>
>
> Ahem. I posted pretty thorough details on what wasn't working ... 
> Please respond so that the "discussion" can -- uh -- exist ...
>
> -T.i.A., Jim
>
> [Apologies for bandwidth-wasting inclusion below -- I'm reposting 
> since someone thinks this discussion has been "settled" ...]
>
>> On Thu, Feb 26, 2004 at 09:18:45AM +0800, LEOLCH at hgc.com.hk wrote:
>>
>>> In the Makefile inside asterisk/channels/h323 directory, there's a line
>>> like this:
>>> CFLAGS += -I$(PWLIBDIR)/include/ptlib/unix -I$(PWLIBDIR)/include
>>>
>>> try to use "-I$(PWLIBDIR)/include" ONLY, it should work.  I've compiled
>>> it with pwlib 1_6_2, which works fine
>>>
>>> leo
>>
>>
>> Sigh. I am having a very rough time here. Could you please post exactly
>> which versions of Asterisk and OpenH323 you used? When I use your advice
>> above I get a successful build, but I haven't got a single call to
>> actually *work* through H.323. Here are my results (all trials are
>> Asterisk 0.7.2):
>>
>> OpenH323 1.13.0 / Pwlib 1.6.0: Asterisk segfaults when it gets an H.323
>> call.
>>
>> OpenH323 1.13.2 / Pwlib 1.6.3: Channel won't load, there's an unresolved
>> symbol.
>>
>> OpenH323 1.13.2 / Pwlib 1.6.2: Asterisk appears to be fully stable. As far
>> as Asterisk is concerned, everything works: calls are made, answered,
>> bridged, all looks fine from the console. But nothing is actually making
>> it *back* through H.323 from the Asterisk end. When I call Asterisk
>> through H.323, Asterisk thinks things are fine, but from the calling end
>> it thinks no one answered. When I call from the Asterisk end, I never hear
>> anything that sounds like an answer.
>>
>> Now this looks *VERY* familiar. It sure is like the H.323 problems I had
>> right at first until I caught on to using *only* G.711 A-law. Once I
>> started making sure everyone was on ALAW, H.323 started working fine
>> (except for DTMF, but that's a subject for a new thread ...)
>
>
