[quote]Asterisk PBX truncated video frame vulnerability–The Asterisk-specific IAX2 protocol includes support for transmission of video between the IAX2 clients that implement this feature. A vulnerability found in the Asterisk’s handling of IAX2 video frames could lead to the remote compromise of the system running the software PBX through execution of arbitrary code of the attacker’s choosing with the privileges of the Asterisk daemon. The vulnerability affects Asterisk PBX software versions up to and including v1.2.8.
IAXclient truncated frames vulnerabilities–IAXclient is an open source library that implements the IAX2 VoIP protocol used by the Asterisk IP PBX and several VoIP software phones. Two vulnerabilities have been discovered in the library that may grant attackers remote execution of arbitrary code on systems using software packages that rely on the library to implement the IAX protocol support. Although these vulnerabilities were discovered and tested using in the IDE FISK software phone, other software packages that use the IAXclient library are also vulnerable.[/quote]
that’s BAD news…!