Support A2Billing (provided by Star2Billing S.L.)

All times are UTC

Post subject: Dialplan injection vulnerability - [AST-2010-002]
Posted: Fri Feb 19, 2010 1:57 am
Author: TZ (Thessaloniki, Greece; joined Thu Feb 12, 2009; 18 posts)

Hi, this is URGENT.
It seems there is a very big hole in the way Asterisk's Dial() command parses the ${EXTEN} variable.

It can accept long INVITE data fields with the special character "&", resulting in Dial() placing additional legs.
If your dialplan uses the wildcard character "." to match certain numbers, then a malicious user can inject extra Dial strings into your dialplan.

i.e. suppose that you have a context with the following "catch-all" extension:
exten => _X.,1,Dial(SIP/${EXTEN})

A user is able to send you packets with INVITE data such as:
0044XXXXXXX&SIP/myitsp_provider/<A_NUMBER_FREE_OF_CHARGE>

According to my analysis, A2B does not seem to be affected by this because it does not call the Dial application directly.
It does use the Dial function; however, this is done inside the PHP AGI code.
Maybe there is a simple sanity check for the number to be called.

I'd like to know if there are any potential vulnerabilities for the A2Billing platform, 1.3.3 and beyond.

Please refer to the official Asterisk security group announcement:
http://www.asterisk.org/security
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf

Regards
TZ

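The injection described in the post above, modelled as an added Python example (this is not code from the forum post, from Asterisk or from A2Billing). It reproduces three facts the post relies on: Asterisk's Dial() splits its channel argument on "&", the pattern _X. matches any string that starts with a digit, and the called number therefore needs to be checked before it reaches Dial(). The sample numbers and the provider name "myitsp_provider" are constructed for the example; the digit-only check is the kind of "simple sanity check" the post asks about, written here as an assumption, not as a description of what A2Billing's AGI actually does.

```python
"""Added example: how Dial(SIP/${EXTEN}) behind a _X. catch-all turns one
INVITE into two call legs, and the input check that stops it.
Not code from the forum post, Asterisk or A2Billing."""
import re

# Constructed sample inputs (the post uses placeholders; these are made up).
CLEAN = "00441234567890"
INJECTED = "00441234567890&SIP/myitsp_provider/0800123456"


def dial_legs(dial_arg: str) -> list[str]:
    """Model of Dial(): '&' separates the channels to ring in parallel."""
    return [leg for leg in dial_arg.split("&") if leg]


def matches_catch_all(exten: str) -> bool:
    """Model of the Asterisk pattern _X. : X is one digit, '.' is one or
    more of any character, so '&' and '/' are matched as well."""
    return re.fullmatch(r"[0-9].+", exten) is not None


def filter_digits(exten: str) -> str:
    """Model of dialplan FILTER(0-9,${EXTEN}): strip every non-digit.
    Caveat: on an injected string this silently merges the digits of both
    legs into one (wrong but harmless) number; rejecting is clearer."""
    return "".join(ch for ch in exten if ch.isdigit())


def is_clean_number(exten: str) -> bool:
    """Assumed AGI sanity check: optional '+' followed by digits only."""
    return re.fullmatch(r"\+?[0-9]+", exten) is not None


def build_dial(exten: str, strict: bool) -> list[str]:
    """Legs that Dial(SIP/${EXTEN}) would ring for a matched extension.
    strict=False reproduces the vulnerable dialplan in the post;
    strict=True rejects anything that is not a plain number."""
    if not matches_catch_all(exten):
        return []  # _X. did not match; this extension is never reached
    if strict and not is_clean_number(exten):
        raise ValueError(f"rejected called number: {exten!r}")
    return dial_legs(f"SIP/{exten}")


if __name__ == "__main__":
    print("vulnerable:", build_dial(INJECTED, strict=False))
    try:
        build_dial(INJECTED, strict=True)
    except ValueError as err:
        print("strict:", err)
```

Run stand-alone, the vulnerable branch shows two legs (the intended SIP/0044... call plus SIP/myitsp_provider/0800123456 on your ITSP account), while the strict branch refuses the string before any channel is created. In a real deployment the same check belongs wherever ${EXTEN} is turned into a Dial() argument, whether that is the dialplan (FILTER() or a tighter pattern than _X.) or the AGI script.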