[*] Security Alert: Dial string injection vulnerability in all Asterisk versions.
john at johnlange.ca
Wed Feb 17 15:38:53 CST 2010
Apparently there is a serious vulnerability in many dial plans which is
roughly the Asterisk equivalent of a SQL injection.
If you are doing anything similar to this:
exten => _X.,1,
Then you may have a serious problem.
Take a look at this post for more information.
More information about the Asterisk