[Asterisk-Users] Asterisk Security Audit?
Jim Rosenberg
jr at amanue.com
Tue Mar 30 15:53:28 MST 2004
Has Asterisk ever been audited for common security holes, such as buffer
overruns?

A quick grep through the source for routines that should never be used,
like strcpy, strcat, etc., reveals a lot of it. I fear I fear.

Has anyone flung pathology at IAX2 to see if it stands up to malformed
packets? (This is always an issue when you have a protocol that only a
small number of programs use ...)

I hope I'm wrong, but I have a very queasy feeling ...

[We already know that H.323 is not being looked after, security-wise ...]