[Asterisk-Users] Patching Asterisk for OpenH323 ASN.1 Vulnerabilities

Adam Hart adam at teragen.com.au
Wed Feb 25 15:13:20 MST 2004


> The consensus in the Asterisk community seems to be that (somehow)
Asterisk
> is not vulnerable to these security holes, which many experts consider
> quite serious. I am frankly having a lot of trouble understanding where
> this bliss is coming from. From my reading on this, it looks to me as
> though the developers of OpenH323 have acknowledged that their code
> ***IS*** vulnerable, and have published a patch.

Yes, asterisk is vulnerable if you have H.323 running.


> I tried downloading the above versions, and Asterisk does not build with
> these versions. Is there a version of Asterisk I need to check out of CVS
> to get patched versions of H.323 to build? How does one incorporate these
> fixes into Asterisk???
>

What happens when you try and compile asterisk with the latest version of
OpenH323, it's been a few months since i've done it but it used to work.




More information about the asterisk-users mailing list