[Asterisk-Dev] Security issue mumblings

Alexander O. Lopez alex.lopez at opsys.com
Sun Nov 6 20:14:27 MST 2005


I searched as I recall someone tell ing me that they could do this with the
extensions in H.323 (H.450.9 more specifically). I cannot attest to the
success or failure of his ascertations, but I did feel smoke blowing up my
ass.


Alex
> -----Original Message-----
> From: asterisk-dev-bounces at lists.digium.com
> [mailto:asterisk-dev-bounces at lists.digium.com] On Behalf Of John Todd
> Sent: Sunday, November 06, 2005 2:49 PM
> To: asterisk-dev at lists.digium.com
> Subject: [Asterisk-Dev] Security issue mumblings
>
> [sent to -dev first to avoid total devolution into wild
> speculation and nonsense on -users]
>
> http://www.accessintel.com/cgi-bin/press/show.cgi?1130972376
>
> Can anyone here speak more clearly on this otherwise
> un-useful list of assertions as to "security flaws with VoIP"
> specifically referencing Asterisk?  The lack of a protocol
> discussion is suspicious - VoIP is not homogenous.  The other
> term of "billing code" is also suspicious - I can't recall a
> "billing code" field in my SIP packets.  CCM is mentioned -
> is this an SCCP issue?
>
> Perhaps most importantly (and relevant to -dev) is this an
> issue that can be resolved or patched within Asterisk, or is
> it that Asterisk is being used as the toolset to wedge into
> other platforms?
>
> Please respond to this post with real data if you have it;
> guesses and speculation are just noise.
>
> JT
> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev





More information about the asterisk-dev mailing list