<div dir="ltr">Spoke with Steve,<div><br></div><div>He says:</div><div><br></div><div><div class="gmail-gs" style="margin:0px;padding:0px 0px 20px;width:3424px;font-family:Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:medium"><div class="gmail-"><div id="gmail-:1q8" class="gmail-ii gmail-gt gmail-adO" style="font-size:0.875rem;direction:ltr;margin:8px 0px 0px;padding:0px"><div id="gmail-:1q7" class="gmail-a3s gmail-aXjCH" style="overflow:hidden;font-variant-numeric:normal;font-variant-east-asian:normal;font-stretch:normal;font-size:small;line-height:1.5;font-family:Arial,Helvetica,sans-serif">What is described there does not appear to be a problem with the FAX<br>protocol, even though the text says it is. They refer to problems<br>handling DHT (define huffman table) and COM (comment) sections when they<br>are used incorrectly. Those are tags in JPEG images. It looks like that<br>are talking about an issue with JPEG decoders that don't allow for<br>certain types of corrupt image, and the exploit would be specific to<br>particular models of FAX machines. The problem would be in the JPEG<br>decoder itself. Spandsp calls the system's JPEG library to do that<br>decoding. Any flaw that might exist would be in that system's JPEG library.<br><br>Regards,<br><br>Steve</div></div><div class="gmail-hi" style="border-bottom-left-radius:1px;border-bottom-right-radius:1px;padding:0px;width:auto;background:rgb(242,242,242);margin:0px"></div></div></div><br class="gmail-Apple-interchange-newline"></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Aug 24, 2020 at 4:14 AM mayamatakeshi <<a href="mailto:mayamatakeshi@gmail.com">mayamatakeshi@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi,<div><i><font face="monospace"><br></font></i></div><div><span style="color:rgb(51,51,51)"><i><font face="monospace">Check Point researchers have discovered a vulnerability in the ITU T.30 fax protocol that could be hacked to launch a cyberattack and gain access to a network.</font></i></span><br></div><div><br></div><div><a href="https://www.healthcareitnews.com/news/fax-machines-can-be-hacked-breach-network-using-only-its-number" target="_blank">https://www.healthcareitnews.com/news/fax-machines-can-be-hacked-breach-network-using-only-its-number</a><br></div><div><br></div><div><div>The phrase above indicates a flaw in the T.30 protocol itself and not in particular implementations.</div><div></div></div><div>This is from 2018. </div><div>I don't remember reading anything about this in the fs mailing list.</div><div><br></div><div>Was freeswitch/spandsp audited to ensure application rxfax is safe?</div><div><br></div><div><a href="https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/" target="_blank">https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/</a><br></div><div><br></div><div><br></div></div>
_________________________________________________________________________<br>
<br>
The FreeSWITCH project is sponsored by SignalWire <a href="https://signalwire.com" rel="noreferrer" target="_blank">https://signalwire.com</a><br>
Enhance your FreeSWITCH install with disruptive priced SMS and PSTN services.<br>
Build your next product on our scalable cloud platform.<br>
<br>
Join our online community to chat in real time <a href="https://signalwire.community" rel="noreferrer" target="_blank">https://signalwire.community</a><br>
<br>
Professional FreeSWITCH Services<br>
<a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a><br>
<br>
Official FreeSWITCH Sites<br>
<a href="https://freeswitch.com/oss" rel="noreferrer" target="_blank">https://freeswitch.com/oss</a><br>
<a href="https://freeswitch.org/confluence" rel="noreferrer" target="_blank">https://freeswitch.org/confluence</a><br>
<a href="https://cluecon.com" rel="noreferrer" target="_blank">https://cluecon.com</a><br>
<br>
FreeSWITCH-users mailing list<br>
<a href="mailto:FreeSWITCH-users@lists.freeswitch.org" target="_blank">FreeSWITCH-users@lists.freeswitch.org</a><br>
<a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>
UNSUBSCRIBE:<a href="http://lists.freeswitch.org/mailman/options/freeswitch-users" rel="noreferrer" target="_blank">http://lists.freeswitch.org/mailman/options/freeswitch-users</a><br>
<a href="https://freeswitch.com" rel="noreferrer" target="_blank">https://freeswitch.com</a></blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div style="font-size:12.8px"><font color="#000000"><br></font></div><div style="font-size:12.8px"><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Brian West | Co-founder and Developer</font></span></p><p style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Need Commercial support? email <a href="mailto:sales@freeswitch.com" target="_blank">sales@freeswitch.com</a> </font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">FreeSWITCH Solutions | <a href="https://maps.google.com/?q=17345+Civic+Drive+%232531+Brookfield,+WI+53045&entry=gmail&source=g" style="color:rgb(17,85,204)" target="_blank">17345 Civic Drive #2531 Brookfield, WI 53045</a></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Email: </span><span style="color:rgb(17,85,204);font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><a href="mailto:brian@freeswitch.com" target="_blank">brian@freeswitch.com</a></span></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap"><font color="#000000">Mobile: <span title="Call with Google Voice">918-424-9378</span></font></span></p><p dir="ltr" style="font-size:12.8px;line-height:1.38;margin-top:0pt;margin-bottom:0pt;margin-left:4.5pt"><font color="#000000"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">Website: </span><a href="https://www.freeswitch.com/" style="color:rgb(17,85,204)" target="_blank"><span style="font-size:8pt;font-family:Arial;background-color:transparent;vertical-align:baseline;white-space:pre-wrap">https://www.FreeSWITCH.com</span></a></font></p><p dir="ltr" style="font-size:12.8px;line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="background-color:transparent;font-size:9pt;font-family:Arial;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://www.facebook.com/freeswitch" target="_blank"><img alt="https://www.facebook.com/signalwireinc?src=email" src="https://lh6.googleusercontent.com/AYfRoSNaDNtMPRMevPn_GqcVEMd5NDRFi0GlluGUWzV6I5TAY_3T2-Tt0IuIXeUtEdYsgNsM8DOYKRKhjmrG_-n2Ga-LCnoNk46sO8VyEma1sBFYdiGJcLRUvkrD1CYHN79qimeg" width="31" height="31" style="border: none;"></a> </span><span style="background-color:transparent;font-size:9pt;font-family:Tahoma;color:rgb(0,0,0);vertical-align:baseline;white-space:pre-wrap"><a href="https://twitter.com/freeswitch" target="_blank"><img alt="https://twitter.com/freeswitch" src="https://lh3.googleusercontent.com/W4SqXyybH2qdAozvtoKjcz736qOjk9LHDwldvs1ahc-WVU0putVMSsUH474KDrJ32jsqi6JDjyUWxqeEkN5I1xSlC5ShYrd1b8NIMUkDzDrtbWQfa6A_90UcygqesBtRLgeFirKa" width="31" height="31" style="border: none;"></a></span><br></p></div></div></div></div></div></div></div></div></div></div></div></div></div>