Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Tim Turpin 
Is there a way that I can modify the source code for the voicemail application? 
 I need to change some of the options in the user’s interface to make it work 
like an existing system that I’m replacing.

 

Thanks.

Tim

 

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 6:30 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

What about just using the built-in options? In 
http://doxygen.asterisk.org/trunk/voicemail.conf.html; you can configure the 
following:

 

; listen-control-forward-key=# ; Customize the key that fast-forwards message 
playback
; listen-control-reverse-key=* ; Customize the key that rewinds message playback
; listen-control-pause-key=0  ; Customize the key that pauses/unpauses message 
playback
; listen-control-restart-key=2 ; Customize the key that restarts message 
playback
; listen-control-stop-key=13456789; Customize the keys that interrupt 
message playback, probably all keys not set above

 

On 31 August 2017 at 23:16, Tim Turpin  wrote:

I’m looking to change the TUI, the Telephone User Interface.  In other words, 
instead of pressing ‘1’ to play a message, I want to press ‘7’, etc., etc.

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 6:13 PM


To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

Well, yes, anyone can recompile anything! But what exactly is it that the 
current voicemail can't do or be modified to do through normal dialplan and 
config?

 

On 31 August 2017 at 23:07, Tim Turpin  wrote:

Thanks for the info, but not really what I’m looking for.  If possible, I’d 
like to modify the source and re-compile the existing voicemail to make it 
match what I have today.

 

Thanks.

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 4:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html

Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html

 

That said, I don't know if it's actually actively developed or stable (docs 
last updated 2015 - Asterisk team?)

 

Also make sure your Asterisk is up to date because of 
https://issues.asterisk.org/jira/browse/ASTERISK-27103

 

On 31 August 2017 at 16:12, Tim Turpin  wrote:

Is there a way that I can modify the source code for the voicemail application? 
 I need to change some of the options in the user’s interface to make it work 
like an existing system that I’m replacing.

 

Thanks.

Tim


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Jonathan H 
What about just using the built-in options? In
http://doxygen.asterisk.org/trunk/voicemail.conf.html; you can configure
the following:

; listen-control-forward-key=#  ; Customize the key that fast-forwards
message playback
; listen-control-reverse-key=*  ; Customize the key that rewinds message 
playback
; listen-control-pause-key=0; Customize the key that pauses/unpauses
message playback
; listen-control-restart-key=2  ; Customize the key that restarts
message playback
; listen-control-stop-key=13456789  ; Customize the keys that interrupt
message playback, probably all keys not set above


On 31 August 2017 at 23:16, Tim Turpin  wrote:

> I’m looking to change the TUI, the Telephone User Interface.  In other
> words, instead of pressing ‘1’ to play a message, I want to press ‘7’,
> etc., etc.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-
> boun...@lists.digium.com] *On Behalf Of *Jonathan H
> *Sent:* Thursday, August 31, 2017 6:13 PM
>
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk Voicemail changes
>
>
>
> Well, yes, anyone can recompile anything! But what exactly is it that the
> current voicemail can't do or be modified to do through normal dialplan and
> config?
>
>
>
> On 31 August 2017 at 23:07, Tim Turpin  wrote:
>
> Thanks for the info, but not really what I’m looking for.  If possible,
> I’d like to modify the source and re-compile the existing voicemail to make
> it match what I have today.
>
>
>
> Thanks.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-
> boun...@lists.digium.com] *On Behalf Of *Jonathan H
> *Sent:* Thursday, August 31, 2017 4:13 PM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk Voicemail changes
>
>
>
> What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html
>
> Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html
>
>
>
> That said, I don't know if it's actually actively developed or stable
> (docs last updated 2015 - Asterisk team?)
>
>
>
> Also make sure your Asterisk is up to date because of
> https://issues.asterisk.org/jira/browse/ASTERISK-27103
>
>
>
> On 31 August 2017 at 16:12, Tim Turpin  wrote:
>
> Is there a way that I can modify the source code for the voicemail
> application?  I need to change some of the options in the user’s interface
> to make it work like an existing system that I’m replacing.
>
>
>
> Thanks.
>
> Tim
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Tim Turpin 
I’m looking to change the TUI, the Telephone User Interface.  In other words, 
instead of pressing ‘1’ to play a message, I want to press ‘7’, etc., etc.

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 6:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

Well, yes, anyone can recompile anything! But what exactly is it that the 
current voicemail can't do or be modified to do through normal dialplan and 
config?

 

On 31 August 2017 at 23:07, Tim Turpin  wrote:

Thanks for the info, but not really what I’m looking for.  If possible, I’d 
like to modify the source and re-compile the existing voicemail to make it 
match what I have today.

 

Thanks.

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 4:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html

Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html

 

That said, I don't know if it's actually actively developed or stable (docs 
last updated 2015 - Asterisk team?)

 

Also make sure your Asterisk is up to date because of 
https://issues.asterisk.org/jira/browse/ASTERISK-27103

 

On 31 August 2017 at 16:12, Tim Turpin  wrote:

Is there a way that I can modify the source code for the voicemail application? 
 I need to change some of the options in the user’s interface to make it work 
like an existing system that I’m replacing.

 

Thanks.

Tim


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Jonathan H 
Well, yes, anyone can recompile anything! But what exactly is it that the
current voicemail can't do or be modified to do through normal dialplan and
config?

On 31 August 2017 at 23:07, Tim Turpin  wrote:

> Thanks for the info, but not really what I’m looking for.  If possible,
> I’d like to modify the source and re-compile the existing voicemail to make
> it match what I have today.
>
>
>
> Thanks.
>
>
>
> *From:* asterisk-users-boun...@lists.digium.com [mailto:asterisk-users-
> boun...@lists.digium.com] *On Behalf Of *Jonathan H
> *Sent:* Thursday, August 31, 2017 4:13 PM
> *To:* Asterisk Users Mailing List - Non-Commercial Discussion
> *Subject:* Re: [asterisk-users] Asterisk Voicemail changes
>
>
>
> What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html
>
> Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html
>
>
>
> That said, I don't know if it's actually actively developed or stable
> (docs last updated 2015 - Asterisk team?)
>
>
>
> Also make sure your Asterisk is up to date because of
> https://issues.asterisk.org/jira/browse/ASTERISK-27103
>
>
>
> On 31 August 2017 at 16:12, Tim Turpin  wrote:
>
> Is there a way that I can modify the source code for the voicemail
> application?  I need to change some of the options in the user’s interface
> to make it work like an existing system that I’m replacing.
>
>
>
> Thanks.
>
> Tim
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
>
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Tim Turpin 
Thanks for the info, but not really what I’m looking for.  If possible, I’d 
like to modify the source and re-compile the existing voicemail to make it 
match what I have today.

 

Thanks.

 

From: asterisk-users-boun...@lists.digium.com 
[mailto:asterisk-users-boun...@lists.digium.com] On Behalf Of Jonathan H
Sent: Thursday, August 31, 2017 4:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Asterisk Voicemail changes

 

What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html

Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html

 

That said, I don't know if it's actually actively developed or stable (docs 
last updated 2015 - Asterisk team?)

 

Also make sure your Asterisk is up to date because of 
https://issues.asterisk.org/jira/browse/ASTERISK-27103

 

On 31 August 2017 at 16:12, Tim Turpin  wrote:

Is there a way that I can modify the source code for the voicemail application? 
 I need to change some of the options in the user’s interface to make it work 
like an existing system that I’m replacing.

 

Thanks.

Tim


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

 

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Jonathan H 
What about MiniVM? http://doxygen.asterisk.org/trunk/App_minivm.html
Example: http://doxygen.asterisk.org/trunk/Config_minivm_examples.html

That said, I don't know if it's actually actively developed or stable (docs
last updated 2015 - Asterisk team?)

Also make sure your Asterisk is up to date because of
https://issues.asterisk.org/jira/browse/ASTERISK-27103

On 31 August 2017 at 16:12, Tim Turpin  wrote:

> Is there a way that I can modify the source code for the voicemail
> application?  I need to change some of the options in the user’s interface
> to make it work like an existing system that I’m replacing.
>
>
>
> Thanks.
>
> Tim
>
> --
> _
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> Check out the new Asterisk community forum at: https://community.asterisk.
> org/
>
> New to Asterisk? Start here:
>   https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>http://lists.digium.com/mailman/listinfo/asterisk-users
>
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Pete Mundy 
>> On Thu, 31 Aug 2017, Joseph Smith wrote:
>> 
>> So I am looking for a better way to allow several thousand callers to listen 
>> to this IVR menu at the same time.


> On 1/09/2017, at 7:10 AM, Steve Edwards  wrote:
> 
> I'm thinking multiple hosts.
> 
> I'm not a fan of 4,000 eggs in one basket.


+1 for horizontal scaling as the best solution in this situation.

Pete



signature.asc
Description: Message signed with OpenPGP
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Steve Edwards 

On Thu, 31 Aug 2017, Joseph Smith wrote:

So I am looking for a better way to allow several thousand callers to 
listen to this IVR menu at the same time.


I'm thinking multiple hosts.

I'm not a fan of 4,000 eggs in one basket.

--
Thanks in advance,
-
Steve Edwards   sedwa...@sedwards.com  Voice: +1-760-468-3867 PST
https://www.linkedin.com/in/steve-edwards-4244281

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] AST-2017-007: Remote Crash Vulerability in res_pjsip

2017-08-31 Thread Asterisk Security Team 
   Asterisk Project Security Advisory - AST-2017-007

 ProductAsterisk  
 SummaryRemote Crash Vulerability in res_pjsip
Nature of Advisory  Denial of Service 
  SusceptibilityRemote Unauthenticated Sessions   
 Severity   Moderate  
  Exploits KnownNo
   Reported On  August 30, 2017   
   Reported By  Ross Beer 
Posted On   
 Last Updated OnAugust 30, 2017   
 Advisory Contact   George Joseph  
 CVE Name   

Description  A carefully crafted URI in a From, To or Contact header  
 could cause Asterisk to crash.   

Resolution  Patched pjsip_message_ip_updater to properly ignore the   
trigger URI.  

   Affected Versions  
Product   Release Series  
  Asterisk Open Source   13.15.0  
  Asterisk Open Source14.4.0  

  Corrected In   
Product  Release  
 Asterisk Open Source13.17.1, 14.6.1  

Patches  
SVN URL  Revision 
   http://downloads.asterisk.org/pub/security/AST-2017-007-13.diff   Asterisk 
 13   
   http://downloads.asterisk.org/pub/security/AST-2017-007-14.diff   Asterisk 
 14   

Links  https://issues.asterisk.org/jira/browse/ASTERISK-27152 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at http://downloads.digium.com/pub/security/.pdf   
and http://downloads.digium.com/pub/security/.html

Revision History
 Date   Editor   Revisions Made   
August 30, 2017  George Joseph  Initial document created  

  Asterisk Project Security Advisory -
  Copyright (c) 2017 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] AST-2017-005: Media takeover in RTP stack

2017-08-31 Thread Asterisk Security Team 
   Asterisk Project Security Advisory - AST-2017-005

 ProductAsterisk  
 SummaryMedia takeover in RTP stack   
Nature of Advisory  Unauthorized data disclosure  
  SusceptibilityRemote Unauthenticated Sessions   
 Severity   Critical  
  Exploits KnownNo
   Reported On  May 17, 2017  
   Reported By  Klaus-Peter Junghanns 
Posted On   
 Last Updated OnAugust 30, 2017   
 Advisory Contact   Joshua Colp  
 CVE Name   

Description  The "strictrtp" option in rtp.conf enables a feature of the  
 RTP stack that learns the source address of media for a  
 session and drops any packets that do not originate from 
 the expected address. This option is enabled by default in   
 Asterisk 11 and above.   
  
 The "nat" and "rtp_symmetric" options for chan_sip and   
 chan_pjsip respectively enable symmetric RTP support in the  
 RTP stack. This uses the source address of incoming media
 as the target address of any sent media. This option is not  
 enabled by default but is commonly enabled to handle 
 devices behind NAT.  
  
 A change was made to the strict RTP support in the RTP   
 stack to better tolerate late media when a reinvite occurs.  
 When combined with the symmetric RTP support this
 introduced an avenue where media could be hijacked. Instead  
 of only learning a new address when expected the new code
 allowed a new source address to be learned at all times. 
  
 If a flood of RTP traffic was received the strict RTP
 support would allow the new address to provide media and 
 with symmetric RTP enabled outgoing traffic would be sent
 to this new address, allowing the media to be hijacked.  
 Provided the attacker continued to send traffic they would   
 continue to receive traffic as well. 

Resolution  The RTP stack will now only learn a new source address if it  
has been told to expect the address to change. The RTCP   
support has now also been updated to drop RTCP reports that   
are not regarding the RTP session currently in progress. The  
strict RTP learning progress has also been improved to guard  
against a flood of RTP packets attempting to take over the
media stream. 

   Affected Versions   
 Product   Release  
   Series   
  Asterisk Open Source  11.x11.4.0
  Asterisk Open Source  13.xAll Releases  
  Asterisk Open Source  14.xAll Releases  
   Certified Asterisk   11.6All Releases  
   Certified Asterisk   13.13   All Releases  

  Corrected In
  Product  Release
Asterisk Open Source   11.25.2, 13.17.1, 14.6.1   
 Certified Asterisk11.6-cert17, 13.13-cert5   

 Patches  
SVN URL   Revision  
   http://downloads.asterisk.org/pub/security/AST-2017-005-11.diffAsterisk  
  11
   http://downloads.asterisk.org/pub/security/AST-2017-005-13.diffAsterisk  
  13
   http://downloads.asterisk.org/pub/security/AST-2017-005-14.diffAsterisk  
  14

[asterisk-users] AST-2017-006: Shell access command injection in app_minivm

2017-08-31 Thread Asterisk Security Team 
   Asterisk Project Security Advisory - AST-2017-006

 ProductAsterisk  
 SummaryShell access command injection in app_minivm  
Nature of Advisory  Unauthorized command execution
  SusceptibilityRemote Authenticated Sessions 
 Severity   Moderate  
  Exploits KnownNo
   Reported On  July 1, 2017  
   Reported By  Corey Farrell 
Posted On   
 Last Updated OnJuly 11, 2017 
 Advisory Contact   Richard Mudgett   
 CVE Name   

Description  The app_minivm module has an “externnotify” program
  
 configuration option that is executed by the MinivmNotify
 dialplan application. The application uses the caller-id 
 name and number as part of a built string passed to the OS   
 shell for interpretation and execution. Since the caller-id  
 name and number can come from an untrusted source, a 
 crafted caller-id name or number allows an arbitrary shell   
 command injection.   

Resolution  Patched Asterisk’s app_minivm module to use a different   
system call that passes argument strings in an array instead  
of having the OS shell determine the application parameter
boundaries.   

   Affected Versions   
 Product   Release  
   Series   
  Asterisk Open Source  11.xAll releases  
  Asterisk Open Source  13.xAll releases  
  Asterisk Open Source  14.xAll releases  
   Certified Asterisk   11.6All releases  
   Certified Asterisk   13.13   All releases  

  Corrected In
  Product  Release
Asterisk Open Source   11.25.2, 13.17.1, 14.6.1   
 Certified Asterisk11.6-cert17, 13.13-cert5   

 Patches  
SVN URL   Revision  
   http://downloads.asterisk.org/pub/security/AST-2017-006-11.diffAsterisk  
  11
   http://downloads.asterisk.org/pub/security/AST-2017-006-13.diffAsterisk  
  13
   http://downloads.asterisk.org/pub/security/AST-2017-006-14.diffAsterisk  
  14
   http://downloads.asterisk.org/pub/security/AST-2017-006-11.6.diff  Certified 
  Asterisk  
  11.6  
   http://downloads.asterisk.org/pub/security/AST-2017-006-13.13.diff Certified 
  Asterisk  
  13.13 

Links  https://issues.asterisk.org/jira/browse/ASTERISK-27103 

Asterisk Project Security Advisories are posted at
http://www.asterisk.org/security  
  
This document may be superseded by later versions; if so, the latest  
version will be posted at 
http://downloads.digium.com/pub/security/AST-2017-006.pdf and 
http://downloads.digium.com/pub/security/AST-2017-006.html

Revision History
Date   EditorRevisions Made   
July 11, 2017  Richard Mudgett  Initial document created  

   Asterisk Project Security Advisory - AST-2017-006
   Copyright © 2017 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
   original, unaltered form.


--

[asterisk-users] Asterisk 11.25.2, 13.17.1, 14.6.1, 11.6-cert17, 13.13-cert5 Now Available (Security Release)

2017-08-31 Thread Asterisk Development Team 
The Asterisk Development Team has announced security releases for Asterisk
11, 13, and 14, and for Certified Asterisk 11.6 and 13.13. The
available security
release versions are 11.25.2, 13.17.1, 14.6.1, 11.6-cert17, and 13.13-cert5.

These releases are available for immediate download at

http://downloads.asterisk.org/pub/telephony/asterisk/releases
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/

The release of these versions resolves the following security
vulnerabilities:

* AST-2017-005 (applied to all released versions): The "strictrtp" option
in rtp.conf enables a feature of the RTP stack that learns the source
address of media for a session and drops any packets that do not originate
from the expected address. This option is enabled by default in Asterisk 11
and above.

The "nat" and "rtp_symmetric" options for chan_sip and chan_pjsip
respectively enable symmetric RTP support in the RTP stack. This uses the
source address of incoming media as the target address of any sent media.
This option is not enabled by default but is commonly enabled to handle devices
behind NAT.

A change was made to the strict RTP support in the RTP stack to better
tolerate late media when a reinvite occurs. When combined with the
symmetric RTP support this introduced an avenue where media could be
hijacked. Instead of only learning a new address when expected the new
code allowed
a new source address to be learned at all times.

If a flood of RTP traffic was received the strict RTPsupport would allow
the new address to provide media and with symmetric RTP enabled outgoing
traffic would be sent to this new address, allowing the media to be
hijacked. Provided the attacker continued to send traffic they would continue
to receive traffic as well.

* AST-2017-006 (applied to all released versions): The app_minivm module
has an “externnotify” program configuration option that is executed by the
MinivmNotify dialplan application. The application uses the caller-id name
and number as part of a built string passed to the OS shell for
interpretation and execution. Since the caller-id name and number can come
from an untrusted source, a crafted caller-id name or number allows an
arbitrary shell command injection.

* AST-2017-007 (applied only to 13.17.1 and 14.6.1): A carefully crafted
URI in a From, To or Contact header could cause Asterisk to crash.

For a full list of changes in the current releases, please see the
ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/
releases/ChangeLog-11.25.2

http://downloads.asterisk.org/pub/telephony/asterisk/
releases/ChangeLog-13.17.1
http://downloads.asterisk.org/pub/telephony/asterisk/
releases/ChangeLog-14.6.1

http://downloads.asterisk.org/pub/telephony/certified-
asterisk/releases/ChangeLog-11.6-cert17
http://downloads.asterisk.org/pub/telephony/certified-
asterisk/releases/ChangeLog-13.13-cert5

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2017-005.pdf
 * http://downloads.asterisk.org/pub/security/AST-2017-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2017-007.pdf

Thank you for your continued support of Asterisk!
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Daniel Tryba 
On Thu, Aug 31, 2017 at 05:54:43PM +, Joseph Smith wrote:
> 
> So I am looking for a better way to allow several thousand callers to listen 
> to this IVR menu at the same time.
> 

An alternative that comes to mind is to have 1 conference with 1 channel
playing MoH in it and then add callers in a muted state to it. Never
tried this, don't know if it fits your case.


-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Joseph Smith 
It is meant to simulate simultaneous calls on an IVR.  I have also tested with 
a separate set of audio files closer to what the actual IVR menu.  This 
produced the same result.


I apologize for not clearly stating the use case up front.  I will try to give 
a bit more detail on that now.


I have an IVR menu and submenu that users may dial into. I initially tested 
with the IVR audio files.  When I began experiencing this issue I used MoH as 
an attempt to narrow down the problem to the simplest dialplan possible.


If I continue my test at this volume or a higher volume, I begin to get errors 
about reaching the maximum queue size for that particular taskprocessor.  
Since, these error proceeded that I thought that they may be the key to 
preventing the queue from maxing out.


It sounds like Richard is saying that these refcount logs may not actually be 
errors and can be ignored in this scenario.  If that is the case then is there 
anything that can be done about the task processor queue size?  Is that simply 
a side effect of having so many callers listening to the IVR at the same time?

pjsip.conf is currently setup with a trunk allowing incoming calls from a 
specific IP.  This is the task processor that is maxing out.

So I am looking for a better way to allow several thousand callers to listen to 
this IVR menu at the same time.

Thank you for the feedback thus far.

Any info and advice is helpful.

Thanks
Joseph




From: asterisk-users-boun...@lists.digium.com 
 on behalf of Antony Stone 

Sent: Thursday, August 31, 2017 11:58 AM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] ERROR during high volume MoH dialplan

On Thursday 31 August 2017 at 18:15:54, Joseph Smith wrote:

> I was hoping Asterisk would handle more than 4k simultaneous calls.

I know from experience that Asterisk can handle more than 4k simultaneous
calls, however it's an extreme case to have all of them playing music on hold.

I think that if you tested 4k simultaneous calls with standard media streams
on the majority of them, you would not experience the problem.

Is this a real problem for you - that Asterisk can't manage 4k MoH sessions
simultaneously, even though it can manage 4k standard phone calls?


Antony.

--
Someone has stolen all the toilets from New Scotland Yard.  Police say they
have absolutely nothing to go on.

   Please reply to the list;
 please *don't* CC me.

--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
api digital - problem solved.
www.api-digital.com
API Digital Website




Check out the new Asterisk community forum at: https://community.asterisk.org/
[https://community.asterisk.org/images/default-apple-touch-icon.png]

Asterisk Community
community.asterisk.org
The Asterisk Community's home for Discussion ... Is there any way to share same 
queue with same agents between multiple servers in a multiple server Asterisk 
...




New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started
Getting Started - Asterisk Project - Asterisk Project 
Wiki
wiki.asterisk.org
When learning Asterisk it is important to start off on the right foot, so this 
section of the wiki covers orientation for learning Asterisk as well as 
installation ...




asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Antony Stone 
On Thursday 31 August 2017 at 18:15:54, Joseph Smith wrote:

> I was hoping Asterisk would handle more than 4k simultaneous calls.

I know from experience that Asterisk can handle more than 4k simultaneous 
calls, however it's an extreme case to have all of them playing music on hold.

I think that if you tested 4k simultaneous calls with standard media streams 
on the majority of them, you would not experience the problem.

Is this a real problem for you - that Asterisk can't manage 4k MoH sessions 
simultaneously, even though it can manage 4k standard phone calls?


Antony.

-- 
Someone has stolen all the toilets from New Scotland Yard.  Police say they 
have absolutely nothing to go on.

   Please reply to the list;
 please *don't* CC me.

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Richard Mudgett 
On Thu, Aug 31, 2017 at 11:15 AM, Joseph Smith 
wrote:

> Is there any more information I can provide to give insight to these
> errors?
>
> Any further advice on avoiding these during high call volume?
>
>
> I was hoping Asterisk would handle more than 4k simultaneous calls.
>

* There is no user configurable option to change the excessive ref count
trigger value.  However, you could change the EXCESSIVE_REF_COUNT define
value in the main/astobj2.c file and recompile.

Richard
-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] ERROR during high volume MoH dialplan

2017-08-31 Thread Joseph Smith 
Is there any more information I can provide to give insight to these errors?

Any further advice on avoiding these during high call volume?


I was hoping Asterisk would handle more than 4k simultaneous calls.

Thanks

Joseph



From: asterisk-users-boun...@lists.digium.com 
 on behalf of Joseph Smith 

Sent: Monday, August 28, 2017 5:00 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] ERROR during high volume MoH dialplan


Hi Richard,

Thank you for the reply


Correct, I did mean 13.15.


I set no optimize and better backtrace through "make menuselect" and the output 
is now


[Aug 28 21:41:16] ERROR[17171][C-392d]: frame.c:343 ast_frdup: FRACK!, 
Failed assertion Excessive refcount 10 reached on ao2 object 0x21962b0 (0)

Got 26 backtrace records

#0: [0x61923f] main/utils.c:2475 __ast_assert_failed() (0x6191bb+84)

#1: [0x45ffc9] main/astobj2.c:543 __ao2_ref() (0x45fc3d+38C)

#2: [0x5320ce] main/frame.c:345 ast_frdup() (0x531e4c+282)

#3: [0x531a99] main/frame.c:196 ast_frisolate() (0x531a76+23)

#4: [0x60be51] main/translate.c:459 ast_trans_frameout() (0x60bd6e+E3)

#5: [0x60be75] main/translate.c:464 default_frameout()

#6: [0x60c46a] main/translate.c:579 ast_translate() (0x60c192+2D8)

#7: [0x4c0bf1] main/channel.c:5290 ast_write() (0x4bfb3e+10B3)

#8: [0x7fdef8345486] res/res_musiconhold.c:455 moh_files_generator()

#9: [0x4ba212] main/channel.c:3014 generator_force()

#10: [0x4bc23d] main/channel.c:3872 __ast_read()

#11: [0x4be29b] main/channel.c:4399 ast_read() (0x4be27e+1D)

#12: [0x4b6312] main/channel.c:1568 ast_safe_sleep_conditional() (0x4b6229+E9)

#13: [0x4b64c9] main/channel.c:1613 ast_safe_sleep() (0x4b64a1+28)

#14: [0x7fdef8346caa] res/res_musiconhold.c:834 play_moh_exec()

#15: [0x5970a3] main/pbx_app.c:491 pbx_exec() (0x596f87+11C)

#16: [0x582edf] main/pbx.c:2923 pbx_extension_helper()

#17: [0x586c30] main/pbx.c:4155 ast_spawn_extension() (0x586bcc+64)

#18: [0x5878bb] main/pbx.c:4328 __ast_pbx_run()

#19: [0x589061] main/pbx.c:4651 pbx_thread()

#20: [0x61624e] main/utils.c:1233 dummy_start()



* What codecs are you using in this setup?
In pjsip.conf I have disallow=all and allow=ulaw.  If I can provide more 
information or a better response to this question please guide me on how to do 
that.


Thanks
Joseph



From: asterisk-users-boun...@lists.digium.com 
 on behalf of Richard Mudgett 

Sent: Monday, August 28, 2017 2:17 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] ERROR during high volume MoH dialplan



On Mon, Aug 28, 2017 at 1:04 PM, Joseph Smith 
> wrote:

Hello,

I've recently setup a small load test against an instance of Asterisks.  I've 
tested on asterisk 13.5 and 14.6 with the same results.

I think you mean 13.15.0 as the excessive ref count trap is not in 13.5.0.

I am using PJSIP.  My dial plan is,

[test]

exten => 1001,1,Answer

exten => 1001,n,MusicOnHold(15)

exten => 1001,n,Hangup

I am using SIPP to test.  I can share XML if desired but it simply waits on the 
line while music plays for 8 seconds.  I used sippycup to generate it with the 
following steps in the yaml file.


steps:

  - invite

  - wait_for_answer

  - ack_answer

  - sleep 8

  - send_bye

At around 500 calls per second I begin to see the following ERRORs,


[Aug 28 17:46:14] ERROR[26150][C-5594]: frame.c:343 ast_frdup: Excessive 
refcount 10 reached on ao2 object 0x26bffc0

[Aug 28 17:46:14] ERROR[26150][C-5594]: frame.c:343 ast_frdup: FRACK!, 
Failed assertion Excessive refcount 10 reached on ao2 object 0x26bffc0 (0)

Got 19 backtrace records

#0: [0x45d229] /usr/sbin/asterisk(__ao2_ref+0x1a9) [0x45d229]

#1: [0x526ce6] /usr/sbin/asterisk(ast_frdup+0x116) [0x526ce6]

#2: [0x5fa616] /usr/sbin/asterisk(ast_translate+0x306) [0x5fa616]

#3: [0x4bf16b] /usr/sbin/asterisk(ast_write+0x104b) [0x4bf16b]

#4: [0x7efeb578230b] /usr/lib/asterisk/modules/res_musiconhold.so(+0x430b) 
[0x7efeb578230b]

#5: [0x4b5b52] /usr/sbin/asterisk() [0x4b5b52]

#6: [0x4c259c] /usr/sbin/asterisk() [0x4c259c]

#7: [0x4c4a45] /usr/sbin/asterisk() [0x4c4a45]

#8: [0x7efeb578478d] /usr/lib/asterisk/modules/res_musiconhold.so(+0x678d) 
[0x7efeb578478d]

#9: [0x58ec79] /usr/sbin/asterisk(pbx_exec+0xb9) [0x58ec79]

#10: [0x582e84] /usr/sbin/asterisk() [0x582e84]

#11: [0x584e7c] /usr/sbin/asterisk() [0x584e7c]

#12: [0x5863fb] /usr/sbin/asterisk() [0x5863fb]

#13: [0x60002a] /usr/sbin/asterisk() [0x60002a]

This inline backtrace would be more useful if you had BETTER_BACKTRACES enabled.



I've also seen similar behavior when using playback instead of MusicOnHold.  
CPU usage gets around 50%.  Can anyone enlighten me on the meaning and cause of 
the error?  Is

[asterisk-users] Asterisk Voicemail changes

2017-08-31 Thread Tim Turpin 
Is there a way that I can modify the source code for the voicemail
application?  I need to change some of the options in the user's interface
to make it work like an existing system that I'm replacing.

 

Thanks.

Tim

-- 
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
  https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

[asterisk-users] SayUnixTime plays nothing if say.conf mode=new and a format is specified

2017-08-31 Thread marek cervenka 

hi,

is there somebody who is using say.conf mode=new in Asterisk 13?

i'm searching for tips what to try in

https://issues.asterisk.org/jira/browse/ASTERISK-15421

Marek


--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --

Check out the new Asterisk community forum at: https://community.asterisk.org/

New to Asterisk? Start here:
 https://wiki.asterisk.org/wiki/display/AST/Getting+Started

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
  http://lists.digium.com/mailman/listinfo/asterisk-users