• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Focus On: Vista
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns

• info
• discussion
• exploit
• solution
• references

Asterisk Call Authentication Security Bypass Vulnerability

Asterisk is prone to a security-bypass vulnerability that allows attackers to make unauthenticated calls through the SIP channel driver.

Exploiting this issue may also aid in other attacks.

This issue affects the following versions:

Asterisk Open Source prior to 1.2.27
Asterisk Open Source prior to 1.4.18.1 and 1.4.19-rc3.
Asterisk Open Source prior to 1.6.0-beta6
Asterisk Business Edition all A versions
Asterisk Business Edition prior to B.2.5.1
Asterisk Business Edition prior to C.1.6.2
AsteriskNOW prior to 1.0.2
Asterisk Appliance Developer Kit prior to Asterisk 1.4 revision 109393
s800i (Asterisk Appliance) prior to 1.1.0.2