http://www.theindustrystandard.com/news/2008/03/21/open-source-asterisk-ip-pbx-needs-patches-fix-flaws Comments for "Open-source Asterisk IP PBX needs patches to fix flaws" en http://www.theindustrystandard.com/news/2008/03/21/open-source-asterisk-ip-pbx-needs-patches-fix-flaws <p><!--paging_filter--> <p>Businesses using open-source <a href="http://www.networkworld.com/news/2008/012408-special-focus.html" rel="nofollow">Asterisk-based</a> IP PBXs should check whether to update the software version they are using in order to rid themselves of vulnerabilities that could compromise the systems.</p> <p>Exploiting the two vulnerabilities can lead to buffer overflow attacks, hijacked calls and allow attackers to make unauthenticated calls.</p> <p>The Asterisk Development Team has issued patches for <a href="http://www.asterisk.org/node/48466" rel="nofollow">four versions</a> of Asterisk affected by vulnerabilities.</p> <p>No actual exploits based on the vulnerabilities has been reported.</p> <p>Open source Asterisk is free for download and is also used as the basis for commercial PBXs and peripheral software such as call centers. The creators of this PBX sell a commercial version under the name <a href="http://www.networkworld.com/news/2008/021108-digium-asterisk-warranty.html " rel="nofollow">Digium</a>.</p> http://www.theindustrystandard.com/news/2008/03/21/open-source-asterisk-ip-pbx-needs-patches-fix-flaws#comments Exploits and vulnerabilities IDGNS Internet Open source Security Software Software &amp; Web Breaking News Fri, 21 Mar 2008 10:32:19 -0700 IDG News Service 103570 at http://www.theindustrystandard.com