[asterisk-users] app_rpt

Kevin P. Fleming kpfleming at digium.com
Fri Mar 9 15:10:50 CST 2012

On 03/09/2012 02:56 PM, Josh Freeman wrote:
> The most current patched Asterisk, along with the most current app_rpt,
> can be found at
> http://svn.ohnosec.org/svn/projects/allstar/astsrc-1.4.23-pre/trunk/

I'm really trying to avoid fanning the flames here, but if that code is 
*really* based on 1.4.23, and hasn't been kept up to date with the 
Asterisk 1.4 releases, then that means it contains a number of security 
vulnerabilities that users should be aware of. Some of them are user 
enumeration vulnerabilities, but others (like AST-2011-010, 
AST-2011-005, AST-2011-001, and maybe more) are more serious.

Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at www.digium.com & www.asterisk.org

More information about the asterisk-users mailing list