[Asterisk-Users] Asterisk Security Audit?
John Vogel
johnv at comcast.net
Tue Mar 30 20:27:50 MST 2004
If you ever get an answer to this please let me know off-line,
johnv at comcast.net
I have a security expert friend using Asterisk who is interested in running
a whole set of such tests on it. My theory is it is security swiss cheese.
Thanks, John V.
-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Jim Rosenberg
Sent: Tuesday, March 30, 2004 2:53 PM
To: asterisk-users at lists.digium.com
Subject: [Asterisk-Users] Asterisk Security Audit?
Has Asterisk ever been audited for common security holes, such as buffer
overruns?
A quick grep through the source for routines that should never be used, like
strcpy, strcat, etc., reveals a lot of it. I fear I fear.
Has anyone flung pathology at IAX2 to see if it stands up to malformed
packets? (This is always an issue when you have a protocol that only a small
number of programs use ...)
I hope I'm wrong, but I have a very queasy feeling ...
[We already know that H.323 is not being looked after, security-wise ...]
_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list