wardmundy
For those of you that have been following the SIP CallerID Stack Overflow Vulnerability story, suffice it to say we thought we had this one put to bed.
Well, not so fast, says our fearless whiz kid, Tom King. In putting the finishing touches on the new update-programs and update-fixes (which you really need to run!), Tom happened to notice that the new SIP patch was being executed with the latest and greatest PIAF-Purple. It includes Asterisk 1.8.2.1 which supposedly patched the SIP bug.
You can test whether your servers have the bug with the following command:
grep "(*ptr && out - outbuf < buflen - 1)" /usr/src/asterisk/main/*
If your system has the SIP bug, you'll get a null string. Otherwise, you'll see an entry from utils.c.
And, guess what, Asterisk 1.8.2.1 still has the bug. Stay tuned for Asterisk 1.8.2.2 coming to a server near you shortly.
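As an added example (not part of the original post), the same check can be wrapped in a shell function that separates "patch line missing" from "source tree not there to inspect", since both produce empty grep output. The function names, the exit codes and the sample trees are assumptions made for this example; only the search string and the default path come from the post.

```shell
#!/bin/sh
# String quoted in the post: the bounds-checked loop condition in main/utils.c.
PATCH_LINE='(*ptr && out - outbuf < buflen - 1)'

# check_sip_patch [SRC_DIR]   (hypothetical helper, not an Asterisk or PIAF tool)
#   0 = patch line present, 1 = utils.c readable but patch line absent,
#   2 = utils.c not readable, so no conclusion can be drawn.
# Caveat: this inspects source only. It says nothing about whether the
# installed Asterisk binary was rebuilt from that source.
check_sip_patch() {
    src=${1:-/usr/src/asterisk}
    file="$src/main/utils.c"
    if [ ! -r "$file" ]; then
        echo "UNKNOWN: $file not readable" >&2
        return 2
    fi
    # -F matches the string literally, so '(' and '*' are not regex operators.
    if grep -nF -- "$PATCH_LINE" "$file"; then
        echo "PATCHED: bounds check found in $file"
        return 0
    fi
    echo "VULNERABLE: bounds check missing from $file"
    return 1
}

# make_sample DIR patched|unpatched
# Builds a constructed stand-in tree (not real Asterisk source) for offline runs.
make_sample() {
    mkdir -p "$1/main"
    if [ "$2" = patched ]; then
        printf '\twhile (*ptr && out - outbuf < buflen - 1) {\n' > "$1/main/utils.c"
    else
        printf '\twhile (*ptr) {\n' > "$1/main/utils.c"
    fi
}
```

Run `check_sip_patch` with no argument to test the default /usr/src/asterisk tree, or pass another source directory as the first argument.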