Asterisk Vulnerability Discovered

Source: asteriskblog.com


Here is something for all Asterisk users out there. Though we may all be very enthusiastic about Asterisk and the service it provides, we have to be practical and keep our eyes open for vulnerabilities. Even the people over at Digium do not act like ostriches and keep their heads buried in the sand; I guess most other service providers act the same way. They are always on the lookout for weaknesses that unscrupulous individuals may take advantage of.

Recently, Joel R. Voss, a.k.a. Javantea, reported a vulnerability in Asterisk systems that may result in denial of service. Many other sites and blogs have subsequently spread the word about the possible problems that may arise from the vulnerability. The people over at Digium have themselves released an advisory about the issue. They have also released workarounds that could help solve the issue and avoid potential problems that may arise from it.

Below is the description of the vulnerability as well as other important details that you may need to resolve the issue.  This was taken from Secunia:

Description:
A vulnerability has been reported in Asterisk, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to improper verification of ACK responses during IAX2 handshakes, which can be exploited to spoof an IAX2 handshake and cause a DoS via high bandwidth usage.

The vulnerability is reported in the following versions:
* Asterisk Open Source 1.0.x (all versions)
* Asterisk Open Source 1.2.x (all versions prior to 1.2.28)
* Asterisk Open Source 1.4.x (all versions prior to 1.4.19.1)
* Asterisk Business Edition A.x.x (all versions)
* Asterisk Business Edition B.x.x (all versions prior to B.2.5.2)
* Asterisk Business Edition C.x.x (all versions prior to C.1.8.1)
* AsteriskNOW 1.0.x (all versions prior to 1.0.3)
* Asterisk Appliance Developer Kit 0.x.x (all versions)
* s800i (Asterisk Appliance) 1.0.x (all versions prior to 1.1.0.3)

Solution:
Asterisk Open Source 1.2.x:
Fixed in 1.2.28.

Asterisk Open Source 1.4.x:
Fixed in 1.4.19.1.

Asterisk Business Edition B.x.x:
Fixed in B.2.5.2.

Asterisk Business Edition C.x.x:
Fixed in C.1.8.1.

AsteriskNOW:
Fixed in 1.0.3.

s800i (Asterisk Appliance):
Fixed in 1.1.0.3.

Provided and/or discovered by:
Joel R. Voss a.k.a. Javantea

Original Advisory:
Asterisk:
http://downloads.digium.com/pub/security/AST-2008-006.html

AltSci:
https://www.altsci.com/concepts/page.php?s=asteri&p=2

Here’s to hoping that you will be able to take care of the vulnerability before anything adverse happens!
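To check an installed release against the version list in the advisory above, here is an added example (not code from the original post, Secunia or Digium). The product keys, the `check` function and the treatment of `-rc`/`-beta` suffixes are assumptions made for illustration; the version numbers are the ones quoted above.

```python
import re

# Branch -> first fixed release, copied from the advisory quoted above.
# None: the advisory lists all versions of that branch and names no fix.
ADVISORY = {
    "Asterisk Open Source": {"1.0": None, "1.2": "1.2.28", "1.4": "1.4.19.1"},
    "Asterisk Business Edition": {"A": None, "B": "B.2.5.2", "C": "C.1.8.1"},
    "AsteriskNOW": {"1.0": "1.0.3"},
    "Asterisk Appliance Developer Kit": {"0": None},
    "s800i": {"1.0": "1.1.0.3"},
}

def _parts(version):
    """Split 'B.2.5.2' or '1.4.19.1-rc2' into (components, is_prerelease)."""
    m = re.fullmatch(r"([A-Za-z]|\d+)((?:\.\d+)*)(-?(?:rc|beta)\d*)?",
                     version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    head = m.group(1).upper()
    comps = [head if head.isalpha() else int(head)]
    comps += [int(x) for x in m.group(2).split(".") if x]
    return comps, bool(m.group(3))

def check(product, version):
    """Return 'affected', 'fixed' or 'not listed' per the advisory text."""
    branches = ADVISORY.get(product)
    if branches is None:
        return "not listed"
    comps, pre = _parts(version)
    for branch, fixed in branches.items():
        prefix = _parts(branch)[0]
        fix = _parts(fixed)[0] if fixed else None
        if comps == fix and not pre:
            return "fixed"        # exactly the release the advisory names
        if comps[:len(prefix)] != prefix:
            continue              # compared per component, so 1.20 is not 1.2
        if fix is None:
            return "affected"     # no fixed release named for this branch
        # Assumption: a pre-release build of the fixed version is still affected.
        if comps < fix or (comps == fix and pre):
            return "affected"
        return "fixed"
    return "not listed"           # branch outside the advisory's list

if __name__ == "__main__":
    for product, version in [("Asterisk Open Source", "1.4.19"),
                             ("Asterisk Business Edition", "B.2.5.2")]:
        print(product, version, "->", check(product, version))
```

A result of "not listed" only means the advisory text quoted here does not name that branch; it says nothing either way about releases outside the list.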

Published on April 23rd, 2008