Installation

Product Bulletin: CVE-2015-0235 Ghost Vulnerability

Details:

https://rhn.redhat.com/errata/RHSA-2015-0090.html
Updated glibc packages that fix one security issue are now available for ScopServ Distributions built on CentOS 5.
Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system.  Without these libraries, the Linux system cannot function correctly.
A heap-based buffer overflow was found in glibc’s __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.  A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235)

Immediate Recommendations:

In order to protect your server and at the earliest convenience:
From the Linux shell execute (without quotations):

‘scopserv_yum update glibc* -y’

Ensure all updates have completed and then execute (without quotations)

‘reboot’

The minimum package requirements are:

glibc-devel-2.5-123
glibc-2.5-123
glibc-headers-2.5-123
glibc-2.5-123
glibc-common-2.5-123
nscd-2.5-123

Read More

ScopTEL RTP ‘directmedia’ Handling

What is directmedia?

  • When SIP initiates the call, the INVITE message contains the information on where to send the media streams. ScopTEL uses itself as the end-points of media streams when setting up the call. Once the call has been accepted, ScopTEL sends another re-INVITE message to the clients with the information necessary to have the two clients send the media streams directly to each other.
  • The ‘Can Reinvite’ option is used to enable directmedia options per peer in the ScopTEL GUI

Directmedia/re-INVITE Overview

  • When SIP endpoints communicate by way of ScopTEL, ScopTEL will attempt to send SIP re-INVITES in order to allow the endpoints to communicate directly. This allows for the computational load on the ScopTEL server to be decreased while also lessening the latency of the media streams between the endpoints.
ScopTEL - RTP directmedia handling
Read More

How to Configure Server to Server SIP Trunking

Server to server SIP trunks are very useful and easy to configure.

DNIS is used to send and receive calls between servers

Usage Cases Implementing DNIS:

  • SIP TIE trunks:
    • A private network is created to dial extensions between systems using Access Codes
  • Tandem Dialing:
    • PSTN resources available to a remote server are shared to the local server
  • PSTN re-routing to a networked ScopTEL Server
ScopTEL - How to set up a Server to Server SIP Trunk
Read More

How to Install a ScopTEL Virtual Machine Into the Mediatrix Sentinel SBC

The Mediatrix Sentinel appliance is a Gateway Appliance with several advanced
features (some of which are activated by licensing).
• Eight Gateway modules are supported per Sentinel and external Gateways are also
supported.
• FXO/FXS modules supported
• ISDN modules supported
• DSP modules are supported for RTP CODEC support.
• Hardware transcoding is not yet supported
• SBC is supported by license. Licensing is per channel based
• Embedded Firewall
• Embedded Router supporting static routes
• Enbedded NAT Router
• Embedded DHCP server
• VLAN Support
• QoS support
• 2 Network interfaces (Uplink, Lan1) with each interface supporting a unique MAC
address for bridging to Virtual Machine network interfaces.
• 1 dedicated network interface for emergency management
• Additional Information is available on the Mediatrix Wiki
http://wiki.media5corp.com/wiki/index.php?title=Category:Mediatrix_Sentinel

ScopTEL - Mediatrix Sentinel ScopTEL VM Installation
Read More

How to Configure a Mediatrix ISDN Gateway with ScopTEL

ISDN Gateways are very practical for adding ISDN interfaces to the ScopTEL server when SIP trunks are not used but additional features can be added to Legacy PBX’s using ISDN Gateways and leveraging ScopTEL to:

  • Add or replace existing voicemail servers
  • Add conference bridging
  • Add ACD (Automatic Call Distribution/Contact Center)
  • Add CDR (Call Detailed Reports) via ScopSTATS
  • Add Contact Center Reporting via ScopSTATS
  • Add Call Recording via ScopSTATS
  • Add VoIP phones and other mobility features
ScopTEL - Mediatrix ISDN Gateway Configuration
Read More

Product Bulletin: ScopServ Vulnerability CVE-2014-1691 January 26, 2015 Addendum

In addition to https://blog.scopserv.com/2015/01/product-bulletin-scopserv-vulnerability-cve-2014-1691-january-26-2015/

If your installation cannot immediately and fully be upgraded as per the product bulletin.

You may use this minimal upgrade method to upgrade the required packages (but it highly recommended a full upgrade is performed):

From the Linux shell execute (without quotations) ‘scopserv_yum update scopserv scopserv-core scopserv-framework scopserv-server’

After all packages are successfully updated then from the Linux shell execute (without quotations) ‘service scopserv restart’

Read More

Product Bulletin: ScopServ Vulnerability CVE-2014-1691 January 26, 2015

Scope:
ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691.

Description:
Unsanitized variables are passed to the unserialize() PHP function. A remote attacker could specially-craft one of those variables allowing to load and execute code.

Required Action:
In order to protect a ScopTEL installation from this vulnerability you must update to scopserv-5.0.0-2 scopserv-core-5.1.0.8.20150126-1 scopserv-framework-5.0.0.7.20150126-1 and meet all other dependencies including php-pecl-json-1.2.1-5

Immediate Recommendations:
It is highly recommended to perform a full update on each ScopServ, ScopTEL installation in order to simplify the upgrade procedure and also ensure all dependencies are met.
It is also highly recommended to reboot your server after the updates in order to ensure all services and scripts and have been updated.
From the Linux shell execute (without quotations) ‘scopserv_yum update’
And after the updates are completed execute (without quotations) ‘reboot’

Read More

Restore configurations from an older installation

It can happen that a client wishes to restore the configurations saved from a previous version on a server that is up to date (e.g. from version 2.6.0 to 5.8.1).  On the other hand, it is possible that several changes in the structure of the databases and configurations have evolved, which requires some manipulation to ensure compatibility with the latest version.

 

The procedure is relatively simple but requires manual intervention following the restoration of the configurations. From SSH/console, type the following command, this will detect and automatically fixes databases.

php -q /var/www/scopserv/telephony/scripts/update force

Read More

VoIPmonitor QoS assessment tool now available for installation on ScopTEL

VoIP is a beautiful thing but not if your network is the source of bad voice quality and you cannot prove the source of the problem.

Most of the time the problem is caused by newtork latency, lack of bandwidth, or packet loss.  The G.107 E Model is a great tool to assess a network and determine the MOS of phone call(s).  ScopServ has published a must read guide on QoS at https://blog.scopserv.com/2012/07/scopserv-advanced-training-on-qos-and-vlans/

VoIPmonitor is a third party tool that is pretty easy to install and can easily generate a QoS report and it has a lot of other cool features.

http://www.voipmonitor.org

Installing VoIPmonitor using the ScopServ package manager will automatically build a working installation fo VoIPmonitor.
To install VoIPmonitor you must obtain a 30 day trial license or purchase a Server license from VoIPmonitor.
http://www.voipmonitor.org/buy

Disclaimer: ScopServ does offer any support of any kind for VoIPmonitor.  Support requests must be made directly to VoIPmonitor and all support documentation is available from their website.  http://www.voipmonitor.org

How to install VoIPmonitor on ScopTEL (assuming your software maintenance is active):

From Linux console type:

scopserv_yum update

Login to the ScopTEL GUI and edit MySQL Server and check Enable TCP/IP listening ? [x]

Save

mysqltcplisten

 

Log Out of the ScopTEL GUI

From Linux console type:

service mysqld restart

scopserv_yum install voipmonitor

service scopserv restart

Login to your account at http://www.voipmonitor.org and copy your license data to clipboard

voipmonitorlicense

 

Login to the ScopTEL GUI

Click on the VoIPmonitor Tools menu in the ScopTEL GUI and paste your key.

toolsvoipmonitorlicense

 

After clicking on ‘Recheck’ your installation should be finished

installfinishederror

But you will probably see this error when you click on Installation is Finished.

installfinishederrorignore

Click OK and ignore the error.  A ScopTEL crond task will automatically execute this command.

From Linux console type:

service voipmonitor start

Now you can click on Tools>VoIPmonitor in the ScopTEL GUI and start using VoIPmonitor.

You may need to edit the network interface(s) that VoIPmonitor is configured to monitor.

voipmonitorethconfig

 

If you edit and save this configuration you must…

From Linux console type:

service voipmonitor restart

 

Then open the ScopTEL GUI and go to Tools>VoIPmonitor to see VoIPmonitor options and reports.

voipmonitorworking

Read More

Product Bulletin 6/25/2014: Yealink Phones do not download provisioning files after updating to scopserv-telephony25-5.2.24.0.2014060

During the finalization of APS support for Yealink Version 72 firmware, ScopServ included a configuration line in Yealink <MAC>.cfg files which broke the phone’s ability to download edited <MAC>.cfg files after the initial configuration download.  While the first configuration file download would be successful and the phone would provision, subsequent attempts to download edited <MAC>.cfg files would fail.  The resulting symptom is a Yealink phone that would not update registration passwords, changes to DSS Keys, etc…

The problem affects any Yealink phone configuration file generated by the ScopTEL APS from version scopserv-telphony25-5.2.24.0.2014060 but patched in scopserv-telephony25-5.2.26.0.2014062

In order to recover from this scenario the following actions must be taken:

1. Update the ScopServ Telephony rpm to version scopserv-telephony25-5.2.26.0.2014062 using either the ScopTEL GUI Package Manager or scopserv_yum update commands.

2. Force Commit of APS changes in the ScopTEL GUI

3. Factory reset each affected Yealink Phone by holding down it’s OK button until prompted for a factory reset, and confirm the reset.

4. Once the reset is complete and the Yealink phone has downloaded the new <MAC>.cfg file, the phone will operate correctly and be able to download edited <MAC>.cfg files from the ScopTEL provisioning server.

 

Read More