cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ef32312f4a
openbsd-ports/telephony/asterisk/files/sip.conf.sample
sthen 312710642c SECURITY update to Asterisk 1.8.12.2 
AST-2012-007, AST-2012-008 fixed in the short-lived 1.8.12.1 release:

* A remotely exploitable crash vulnerability exists in the IAX2 channel
  driver if an established call is placed on hold without a suggested music
  class. Asterisk will attempt to use an invalid pointer to the music
  on hold class name, potentially causing a crash.

* A remotely exploitable crash vulnerability was found in the Skinny (SCCP)
  Channel driver. When an SCCP client closes its connection to the server,
  a pointer in a structure is set to NULL.  If the client was not in the
  on-hook state at the time the connection was closed, this pointer is later
  dereferenced. This allows remote authenticated connections the ability to
  cause a crash in the server, denying services to legitimate users.

Also from 1.8.12.2

* Resolve crash in subscribing for MWI notifications.

ASTOBJ_UNREF sets the variable to NULL after unreffing it, so the
variable should definitely not be used after that. To solve this in
the two cases that affect subscribing for MWI notifications, we
instead save the ref locally, and unref them in the error
conditions.
2012-05-30 22:45:26 +00:00

44 lines
1.1 KiB
Plaintext
Raw Blame History

; $OpenBSD: sip.conf.sample,v 1.8 2012/05/30 22:45:26 sthen Exp $
; Longer example available in ${TRUEPREFIX}/share/examples/asterisk/default
[general]
disallow=all
allow=ulaw
; If Asterisk server is behind nat with port-forwarding for some
; external clients, set the external address and local network and
; perhaps restrict the port range (see rtpstart/rtpend in rtp.conf).
;externip=11.22.33.44
;localnet=192.168.0.0/255.255.0.0
; Defaults for these include the Asterisk version number, which you
; might not want to expose.
useragent=Asterisk PBX
sdpsession=Asterisk PBX
; Phone #1
[100]
type=friend
; N.B. People can and do make very high-speed password scans of hosts
; responding to SIP; if you cannot restrict access by source IP address,
; be sure to use strong secrets and ideally also non-standard extension
; numbers if your users can live with them.
secret=DDmKucsYo7V4Sb_change_me
nat=yes
host=dynamic
directmedia=no
qualify=yes
mailbox=100
context=default
; Phone #2
[101]
type=friend
secret=96Odmh3decU1_change_me
nat=yes
host=dynamic
directmedia=no
qualify=yes
mailbox=100
context=default
Reference in New Issue View Git Blame Copy Permalink