[asterisk-users] Important security alert: update your dialplans now!
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Feb 14 01:30:10 CST 2010
On Sat, Feb 13, 2010 at 09:25:01PM -0500, C F wrote:
> Excellent and very informative article, Thanks Olle.
>
> I ran thru lots of my dialplans now quickly to see if I have a catch
> all exten anywhere. I couldn't find any that are accessible
> unauthenticated, I always declare all fixed length extensions using
> patterns the exception being international calls, but those are in
> contexts accessible only from an inside - therefore authenticated -
> SIP client.
Still, this allows them to use "numbers" such as
123456&Local/reboot at admin-context .
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-users
mailing list