search for: voipsa

The Asterisk and Zaptel development teams have released Asterisk version 1.2.17. Along with minor bug fixes, this release incorporates a fix for the SIP DoS vulnerability recently discovered by INRIA Lorraine (http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html). All users of Asterisk 1.2 with the SIP channel driver loaded and connected to an untrusted network are urged to update to this release to avoid the possibility of experiencing this problem. Thanks for your support of Asterisk and Zaptel!

...DTMF handling in the IAX2 channel driver There are also two security-related changes in this version: - a fix for a SIP channel driver remote DoS vulnerability (http://bugs.digium.com/view.php?id=9313) - a fix for a SIP channel driver remote DoS vulnerability discovered by INRIA Lorraine (http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html) All users of Asterisk 1.4 with the SIP channel driver loaded and connected to an untrusted network are urged to update to this release to avoid the possibility of experiencing these problems. Thanks for your support of Asterisk and Zaptel!

The Asterisk and Zaptel development teams have released Asterisk version 1.2.17. Along with minor bug fixes, this release incorporates a fix for the SIP DoS vulnerability recently discovered by INRIA Lorraine (http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html). All users of Asterisk 1.2 with the SIP channel driver loaded and connected to an untrusted network are urged to update to this release to avoid the possibility of experiencing this problem. Thanks for your support of Asterisk and Zaptel!

...DTMF handling in the IAX2 channel driver There are also two security-related changes in this version: - a fix for a SIP channel driver remote DoS vulnerability (http://bugs.digium.com/view.php?id=9313) - a fix for a SIP channel driver remote DoS vulnerability discovered by INRIA Lorraine (http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html) All users of Asterisk 1.4 with the SIP channel driver loaded and connected to an untrusted network are urged to update to this release to avoid the possibility of experiencing these problems. Thanks for your support of Asterisk and Zaptel!

...d Henning Schulzrinne for taking a look at the tool during his seminars at Columbia. Also thanks to Anthony LaMantia, Tzafir Cohen, and the others on the dev list for tolerating my posts. Public apologies to Jay R. Ashworth for my mis-reading of the "(Missed)Trust in Caller ID" thread on VOIPSA ;) Coming 10/31/2006 http://www.infiltrated.net/asteroid/ -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo echo @infiltrated|sed 's/^/sil/g;s/$/.net/g' http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743 "How a man plays the game shows something of his...

...verity level for each advisory, so that end users can quickly determine which vulnerabilities they need to be concerned about. 5) We will post our security advisories to (at least) these mailing lists: - asterisk-security - asterisk-announce - asterisk-users - asterisk-dev - VOIPSEC (voipsec@voipsa.org) - bugtraq (bugtraq@securityfocus.com) - full-disclosure (full-disclosure@lists.grok.co.uk) - vulnwatch (vulnwatch@vulnwatch.org) 6) We will post and archive all our advisories on the asterisk.org website, and provide an RSS feed for those who wish to watch the advisory listing page with au...

...verity level for each advisory, so that end users can quickly determine which vulnerabilities they need to be concerned about. 5) We will post our security advisories to (at least) these mailing lists: - asterisk-security - asterisk-announce - asterisk-users - asterisk-dev - VOIPSEC (voipsec@voipsa.org) - bugtraq (bugtraq@securityfocus.com) - full-disclosure (full-disclosure@lists.grok.co.uk) - vulnwatch (vulnwatch@vulnwatch.org) 6) We will post and archive all our advisories on the asterisk.org website, and provide an RSS feed for those who wish to watch the advisory listing page with au...

I just read on Slashdot (at http://yro.slashdot.org/article.pl?sid=07/12/16/222243 ) that Trixbox "has been phoning home with statistics about their installations", as a Trixbox user exposed in "Trixbox Phones Home" at http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home . -- (C) Matthew Rubenstein