Comments on: Fixing the Asterisk Security Hole in TrixBox Systems

By: Dan

Dan — Mon, 16 Apr 2007 04:33:12 +0000

It looks like zaptel-1.2.16.tar.gz and asterisk-1.2.17.tar.gz are now the current version.

I didn’t want to gamble with the new versions, so I used the old versions located in /releases

The full lines would be
wget http://ftp.digium.com/pub/telephony/zaptel/releases/zaptel-1.2.15.tar.gz
wget http://ftp.digium.com/pub/telephony/asterisk/releases/asterisk-1.2.16.tar.gz

By: David

David — Fri, 23 Mar 2007 00:12:24 +0000

I am running AAH 2.7 which I upgraded a while back to asterisk 1.2.14, the zaptel at the time, etc. The upgrade this time gave me an error during genzaptel_config.

Removing zaptel module: ERROR: Module zaptel is in use by zttranscode
[FAILED]

Plus some other nasties.
I found this link which showed a work around to get everything to unload properly.
http://bugs.digium.com/view.php?id=7981
Looks like I’m good to go – for the moment….

By: Ambro

Ambro — Wed, 21 Mar 2007 15:24:03 +0000

Had the same issue as carol mentioned on my Nerd vittles asterisk running with vmware, on a Xeon….

When shutting down the asterisks server a load of Zaptel errors are reported…

However the upgrade of the actual asterisks has taken place and AsterisksInfo reports the updated 1.2.16…

I just ignored the error as i dont use the zaptel module and its not affceted the SIP part of asterisks..

However i have noticed that since the upgrade there has been a few jitters in calls, when the incoming voice is interpreted intermittently. Taking in to account bandwidth is not a problem.. Any ideas on how to fix this?

Ambro

By: Robert

Robert — Wed, 21 Mar 2007 13:32:10 +0000

My last comment about the app_speech_utils.so, issue was wrong. It still exists. Sorry!

By: Robert

Robert — Wed, 21 Mar 2007 13:08:32 +0000

Note. I did this update before per instructions. I needed to reapply it to a new machine instance. I am using the VMWare version.

The files above have been upgraded at this point to zaptel-1.2.16.tar.gz and asterisk-1.2.16.tar.gz.

I installed without doing the app_speech_utils.so rename.(I had to in the original release). The problem no longer exists. It appears the prior issues have been resolved as I did not have to do any changes. So I guess I am noting that the issues have been fixed and the update goes without problems. At least for me. Thanks

By: carol

carol — Fri, 16 Mar 2007 16:18:18 +0000

On Xeon machine the procedure didn’t work. The zaptel start fails with:

Loading zaptel framework: [ OK ]
Waiting for zap to come online: [ OK ]
Loading zaptel hardware modules:
Loading tor2: [ OK ]
Loading wct4xxp: [ OK ]
Loading wct1xxp: [ OK ]
Loading wcte11xp: [ OK ]
Loading wcfxo: [ OK ]
Loading wctdm: [ OK ]
Loading ztdummy: [ OK ]
Loading r4fxo: FATAL: Error inserting r4fxo (/lib/modules/2.6.9-34.0.2.ELsmp/extra/r4fxo.ko): Unknown symbol in module, or unknown parameter (see dmesg)
[FAILED]
Loading r1t1: FATAL: Error inserting r1t1 (/lib/modules/2.6.9-34.0.2.ELsmp/extra/r1t1.ko): Unknown symbol in module, or unknown parameter (see dmesg)
[FAILED]
Loading rxt1: FATAL: Error inserting rxt1 (/lib/modules/2.6.9-34.0.2.ELsmp/extra/rxt1.ko): Unknown symbol in module, or unknown parameter (see dmesg)
[FAILED]

Any idea how to fix this ?
Thanks

By: Dave

Dave — Sat, 10 Mar 2007 21:24:31 +0000

After upgrading per Ward’s instructions, the VM-intro prompt before the beep is no longer there. When you dial *extension, you immediately get the beep and no "Pls leave a msg after the tone. When done…." msg. Any ideas?

I looked at the before and after upgrade logs and
— Playing ‘vm-intro’ (language ‘en’) **this line no longer exists after upgrade***
— Playing ‘beep’ (language ‘en’)

[WM: You’re correct. Another quirk. Here’s a simple workaround. Open freePBX Setup with your web browser. Click General Settings. The fifth option on the page is Direct Dial to VoiceMail Message Type. Change the setting from Default to Unavailable. Save your change and click the Red Bar to reload Asterisk, and all should be well.]

By: Steve Prior

Steve Prior — Sat, 10 Mar 2007 15:00:47 +0000

app_speech_utils.so is part of the Lumenvox connector with Asterisk (guess how I found out). To get my Lumenvox channel working again after following this update I had to follow the Asterisk instructions on the Lumenvox site (not the Trixbox specific ones) which included downloading a patch, applying it to the Asterisk source, and recompiling. This got me quite nervous until I figured it out.

By: Jalapeno

Jalapeno — Sat, 10 Mar 2007 05:21:34 +0000

I just tried this with AAH 2.7 (with Asterisk 1.2.5), and it seems to work. I had to do the spinlock.h fix and then follow the steps to install 1.2.16 and Zaptel 1.2.15. I did not have to yum install the kernel source because it was already there. Also my MOH stopped working too until I reloaded the settings. Thanks for the tips!

By: Lee Winsor

Lee Winsor — Fri, 09 Mar 2007 20:24:00 +0000

Ward,

The instructions worked fine for my Trixbox1.2.3 vmware installation with one exception… Recompiling to Asterisk 1.2.16 broke my music on hold.

After several days of trying to find a way to fix it without any success, I did come up with a kludge that restores the operation of music on hold at least partially. It works, but the ring sound can be heard in the background while the music plays. I can live with that until someone comes up with a permanent fix. The fix is quite simple if you have a complete backup of your /usr/lib/asterisk/modules files prior to the asterisk recompile.

You only need to restore one file.

cd /usr/lib/asterisk/modules

mv res_musiconhold.so res_musiconhold.so.old (just in case you need to restore it in the future)

cp /bkpcopy/res_musiconhold.so res_musiconhold.so (copy your backup copy to the modules directory)

amportal restart (your music on hold should now be working)

Note: I suspect your comments about file dates of the modules also applies here, so make sure the file date on the copied file is current and not the original 10/2006 date or asterisk may not load properly.

-lee-

[WM: Actually, I think the problem lies in the MusicOnHold setup with freePBX. You were correct. It wasn’t working. Instead of replacing the module, try this first. Open freePBX Setup with your web browser. Then click MusicOnHold, then click Default under the Add Music Category listing, then click the Enable Random Play button, and then click the Red Bar to reload Asterisk. I think that will fix your problem without injecting the ring sounds in the background. For some reason, the /etc/asterisk/musiconhold_additional.conf file got trashed, and the steps I’ve outlined will restore it.]

By: Ken

Ken — Thu, 08 Mar 2007 18:35:17 +0000

Ward,

Terrific instructions as usual! The only additional thing I had to do was comment out "exclude=kernel*" my CentOS-Base.repo and CentOS-Media.repo files to allow the new kernel to show up. (I wasn’t sure which file would do it so I just commented out both of them)

Thanks!

Ken

By: Tom King

Tom King — Thu, 08 Mar 2007 04:08:31 +0000

Hi Ward

Thanks for your article. I have created an all in one install script based on your article and it is available at

http://www.script-trix.us/updatesource.htm

It follows your suggestions closely although I have not had a chance to test it on a 1.2.3 machine. It does work quite well on a 2.0 box and I suspect it will do the same on a 1.2.3 box. Thanks for all of your hard work and the plug above!

Tom

By: tim

tim — Wed, 07 Mar 2007 07:13:01 +0000

the instructions work fine for updating trixbox 2.0, this was on my list to do and i’m glad i was able to knock it out tonight. thanks!

By: David

David — Tue, 06 Mar 2007 22:41:57 +0000

In an older post by bubba we used the following for zaptel based on the kernel.

make linux26
make install
make config