[asterisk-users] Important security alert: update your dialplans now!

Miguel Molina mmolina at millenium.com.co
Wed Feb 17 08:29:57 CST 2010


Lenz Emilitri escribió:
>
> Ok but this is available today and works fine, so it can be used as a 
> zero day replacement. Any syntax change is welcome but will take time 
> until it gets in a public release  and does not save you the hassle to 
> change the dialplans anyway - unless you implement it as a default 
> behaviour at the SIP driver level. And I got a feeling that most 
> people will simply not bother learning regexps....
> You could just as reasonably write a script to do the check, or run a 
> check in the dialplan itself, or change Asterisk. 
> l.
Ok, if I get it the simplest workaround would be changing this:

exten => _X.,1,Dial(SIP/${EXTEN})

To this:

exten => _X.,1,Dial(SIP/${FILTER(0123456789,${EXTEN})})

If you're intended to receive only numbers from the dialstring, right?

See http://www.voip-info.org/wiki/view/Asterisk+func+filter

Regards,

-- 
Ing. Miguel Molina
Grupo de Tecnología
Millenium Phone Center




More information about the asterisk-users mailing list