I am currently doing my masters in computer science and am focusing on security issues that affect softswitches. Is Asterisk really secure because I have only found 5 documented vulnerabilities for it. What are recommandition for securing a softswith. I see that alot of companies are just putting sip firewalls, SBC and vlan onto their networks. Is this the only way?
I’m not very sure, but I think that this cases:
• vmail.cgi folder Variable Traversal Arbitrary .wav File Access
• Asterisk Manager CLI Command Overflow
• CallerID SQL Injection
are not currently occurring in ASterisk 1.2;
If you are inerested for the SIP Implementation Issue, look here:
Yes none of the 5 cases that I posted do not occur in the latest versions of Asterisk. I am wanting to know if there are any other vulnerabilities that have be found in Asterisk beside the 5 that i have mentioned.