If you ever get an answer to this please let me know off-line, [EMAIL PROTECTED]
I have a security expert friend using Asterisk who is interested in running a whole set of such tests on it. My theory is it is security swiss cheese. Thanks, John V. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Rosenberg Sent: Tuesday, March 30, 2004 2:53 PM To: [EMAIL PROTECTED] Subject: [Asterisk-Users] Asterisk Security Audit? Has Asterisk ever been audited for common security holes, such as buffer overruns? A quick grep through the source for routines that should never be used, like strcpy, strcat, etc., reveals a lot of it. I fear I fear. Has anyone flung pathology at IAX2 to see if it stands up to malformed packets? (This is always an issue when you have a protocol that only a small number of programs use ...) I hope I'm wrong, but I have a very queasy feeling ... [We already know that H.323 is not being looked after, security-wise ...] _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
