Security flaws in ASTERISK! Be aware


#1

here:

home.businesswire.com/portal/sit … ewsLang=en

[quote]Asterisk PBX truncated video frame vulnerability: The Asterisk-specific IAX2 protocol includes support for transmission of video between the IAX2 clients that implement this feature. A vulnerability found in Asterisk’s handling of IAX2 video frames could lead to the remote compromise of the system running the software PBX through execution of arbitrary code of the attacker’s choosing with the privileges of the Asterisk daemon. The vulnerability affects Asterisk PBX software versions up to and including v1.2.8.

IAXclient truncated frames vulnerabilities: IAXclient is an open source library that implements the IAX2 VoIP protocol used by the Asterisk IP PBX and several VoIP software phones. Two vulnerabilities have been discovered in the library that may grant attackers remote execution of arbitrary code on systems using software packages that rely on the library to implement the IAX protocol support. Although these vulnerabilities were discovered and tested using the IDE FISK software phone, other software packages that use the IAXclient library are also vulnerable.[/quote]

That’s BAD news…!


#2

This was patched in 1.2.9.1 last week.


#3

I know, it’s just that there ARE security flaws in *


#4

…that are fixed…

EVERY application/system has security flaws, but NOT all of them are fixed or addressed in a timely manner (cough Internet Explorer cough).

The fact that the bug was fixed should say it all…


#5

I have been using Asterisk for over a year. This is the first large vulnerability that I have seen in it.