[asterisk-users] Important security alert: update your dialplans now!
C F
shmaltz at gmail.com
Sun Feb 14 12:48:46 CST 2010
On Sun, Feb 14, 2010 at 2:30 AM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
> On Sat, Feb 13, 2010 at 09:25:01PM -0500, C F wrote:
>> Excellent and very informative article, Thanks Olle.
>>
>> I ran thru lots of my dialplans now quickly to see if I have a catch
>> all exten anywhere. I couldn't find any that are accessible
>> unauthenticated, I always declare all fixed length extensions using
>> patterns the exception being international calls, but those are in
>> contexts accessible only from an inside - therefore authenticated -
>> SIP client.
>
> Still, this allows them to use "numbers" such as
> 123456&Local/reboot at admin-context .
Agreed, but that would mean they would have to "guess" way too much.
Not useful for much.
>
> --
> Tzafrir Cohen
> icq#16849755 jabber:tzafrir.cohen at xorcom.com
> +972-50-7952406 mailto:tzafrir.cohen at xorcom.com
> http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
>
> --
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
More information about the asterisk-users
mailing list