Asterisk Voicmail Vulnerability - Fixed in 1.2-beta2


#1

[quote=“SecurityFocus”]Asterisk Voicemail Unauthorized Access Vulnerability
BugTraq ID: 15336
Remote: Yes
Date Published: 2005-11-07
Relevant URL: securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.

Successful exploitation will grant an attacker access to a victim users voicemail, and any ‘.wav/.WAV’ files currently on the affected system.

An exploit proof of concept URI is available.

Solution:
The vendor has addressed this issue in Asterisk version 1.2.0-beta2.
… [/quote]


#2

No reason to cause a panic. You should have pointed out this is related to the web frontend for voicemail. Nothing to worry about if the web frontend was not installed.

securityfocus.com/bid/15336/exploit


#3

[quote=“zmanea”]No reason to cause a panic. You should have pointed out this is related to the web frontend for voicemail. Nothing to worry about if the web frontend was not installed.

securityfocus.com/bid/15336/exploit[/quote]

Who is causing panic? Making people aware that there is a security vulnerability in any part of Asterisk and that a fix is available is a community service.

And, the information you highlighted is in the link I provided, therefore the information was in my original post.