[*] Security Alert: Dial string injection vulnerability in all Asterisk versions.

John Lange john at johnlange.ca
Wed Feb 17 15:38:53 CST 2010

Apparently there is a serious vulnerability in many dial plans which is
roughly the Asterisk equivalent of a SQL injection.

If you are doing anything similar to this:

exten => _X.,1,

Then you may have a serious problem.

Take a look at this post for more information.


John Lange
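
As an added example (not part of the original post or of Asterisk itself), the following Python check audits a dialplan for the kind of line the alert warns about. It assumes the risky construct is an open-ended wildcard pattern such as `_X.` whose matched value `${EXTEN}` reaches an application unfiltered, and it treats wrapping the value in Asterisk's `FILTER()` function as the safe form; the sample dialplan and the `provider` peer name are constructed.

```python
import re

# "exten => pattern,priority,App(args)" and the "same => priority,App(args)" shorthand
EXTEN_LINE = re.compile(r'^\s*exten\s*=>\s*([^,]+),[^,]+,(.*)$')
SAME_LINE = re.compile(r'^\s*same\s*=>\s*[^,]+,(.*)$')
EXTEN_VAR = r'\$\{EXTEN(?::[^}]*)?\}'          # ${EXTEN} or ${EXTEN:offset[:length]}
FILTERED = re.compile(r'\$\{FILTER\([^,()]*,' + EXTEN_VAR + r'\)\}')
RAW_EXTEN = re.compile(EXTEN_VAR)

def is_open_wildcard(pattern):
    """True for patterns like _X. or _0X! that accept arbitrary trailing characters."""
    p = pattern.strip().split('/', 1)[0]        # ignore an optional /callerid part
    return p.startswith('_') and p.endswith(('.', '!'))

def audit_dialplan(text):
    """Return (line_number, line) for wildcard extensions that use ${EXTEN} unfiltered."""
    findings, wildcard = [], False
    for num, line in enumerate(text.splitlines(), 1):
        code = line.split(';', 1)[0].strip()    # drop dialplan comments
        if code.startswith('['):                # new context: forget the previous pattern
            wildcard = False
            continue
        m = EXTEN_LINE.match(code)
        if m:
            wildcard, app = is_open_wildcard(m.group(1)), m.group(2)
        else:
            s = SAME_LINE.match(code)           # "same" inherits the previous pattern
            if not s:
                continue
            app = s.group(1)
        # Strip FILTER()-wrapped uses; any ${EXTEN} still present is unfiltered.
        if wildcard and RAW_EXTEN.search(FILTERED.sub('', app)):
            findings.append((num, code))
    return findings

# Constructed sample dialplan (assumption, not taken from the post).
SAMPLE = """\
[outbound]
exten => _X.,1,Dial(SIP/${EXTEN}@provider)
exten => _9X.,1,Dial(SIP/${FILTER(0-9,${EXTEN:1})}@provider)
exten => _NXXXXXX,1,Dial(SIP/${EXTEN}@provider)
exten => _0X!,1,NoOp(international)
same => n,Dial(SIP/${EXTEN}@provider)  ; inherits _0X!
"""

if __name__ == '__main__':
    for num, code in audit_dialplan(SAMPLE):
        print(f"line {num}: unfiltered ${{EXTEN}} under wildcard pattern: {code}")
```

Fixed-length patterns such as `_NXXXXXX` are not flagged because every position is constrained to a digit class by the pattern itself.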
