[*] Security Alert: Dial string injection vulnerability in all Asterisk versions.
John Lange
john at johnlange.ca
Wed Feb 17 15:38:53 CST 2010
Apparently there is a serious vulnerability in many dial plans which is
roughly the Asterisk equivalent of a SQL injection.
If you are doing anything similar to this:
exten => _X.,1,
Then you may have a serious problem.
Take a look at this post for more information.
http://www.voip-forum.com/?p=241&preview=true
--
John Lange
http://www.johnlange.ca
More information about the Asterisk
mailing list