[asterisk-users] Important security alert: update your dialplans now!

Warren Selby wcselby at selbytech.com
Wed Feb 17 10:51:54 CST 2010


That's what I've started doing.



Thanks,
--Warren Selby

On Feb 17, 2010, at 8:29 AM, Miguel Molina <mmolina at millenium.com.co>  
wrote:

> Lenz Emilitri escribió:
>>
>> Ok but this is available today and works fine, so it can be used as a
>> zero day replacement. Any syntax change is welcome but will take time
>> until it gets in a public release  and does not save you the hassle  
>> to
>> change the dialplans anyway - unless you implement it as a default
>> behaviour at the SIP driver level. And I got a feeling that most
>> people will simply not bother learning regexps....
>> You could just as reasonably write a script to do the check, or run a
>> check in the dialplan itself, or change Asterisk.
>> l.
> Ok, if I get it the simplest workaround would be changing this:
>
> exten => _X.,1,Dial(SIP/${EXTEN})
>
> To this:
>
> exten => _X.,1,Dial(SIP/${FILTER(0123456789,${EXTEN})})
>
> If you're intended to receive only numbers from the dialstring, right?
>
> See http://www.voip-info.org/wiki/view/Asterisk+func+filter
>
> Regards,
>
> -- 
> Ing. Miguel Molina
> Grupo de Tecnología
> Millenium Phone Center
>
>
> -- 
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users



More information about the asterisk-users mailing list