[quote=“SecurityFocus”]Asterisk Voicemail Unauthorized Access Vulnerability
BugTraq ID: 15336
Remote: Yes
Date Published: 2005-11-07
Relevant URL: securityfocus.com/bid/15336
Summary:
Asterisk is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to properly verify user-supplied input.
Successful exploitation will grant an attacker access to a victim users voicemail, and any ‘.wav/.WAV’ files currently on the affected system.
…
An exploit proof of concept URI is available.
…
Solution:
The vendor has addressed this issue in Asterisk version 1.2.0-beta2.
… [/quote]
No reason to cause a panic. You should have pointed out this is related to the web frontend for voicemail. Nothing to worry about if the web frontend was not installed.
[quote=“zmanea”]No reason to cause a panic. You should have pointed out this is related to the web frontend for voicemail. Nothing to worry about if the web frontend was not installed.
Who is causing panic? Making people aware that there is a security vulnerability in any part of Asterisk and that a fix is available is a community service.
And, the information you highlighted is in the link I provided, therefore the information was in my original post.