Hi,
I am currently doing my masters in computer science and am focusing on security issues that affect softswitches. Is Asterisk really secure because I have only found 5 documented vulnerabilities for it. What are recommandition for securing a softswith. I see that alot of companies are just putting sip firewalls, SBC and vlan onto their networks. Is this the only way?
Thanks
jake
Can you tell us which are the 5 documented cases?
Are you thinking about SRTP, MIM or den. of service attacks?
C.
Here are the 5 documented case that I have found:
• vmail.cgi folder Variable Traversal Arbitrary .wav File Access
• Asterisk Manager CLI Command Overflow
• CallerID SQL Injection
• SIP Implementation Issue
• Logging Format String Vulnerabilities
I am looking at the actual softswitch and how to secure it from attacks. Like how to secure Asterisk from a DOS attack.
jake
I’m not very sure, but I think that this cases:
• vmail.cgi folder Variable Traversal Arbitrary .wav File Access
• Asterisk Manager CLI Command Overflow
• CallerID SQL Injection
are not currently occurring in ASterisk 1.2;
If you are inerested for the SIP Implementation Issue, look here:
bugs.digium.com/view_all_bug_page.php
C.
Yes none of the 5 cases that I posted do not occur in the latest versions of Asterisk. I am wanting to know if there are any other vulnerabilities that have be found in Asterisk beside the 5 that i have mentioned.