“…but the announcement by the IC3 originally had no details so
this caused far more concern than it should have merited. They’ve
updated their announcement to reflect the change.“Additionally, it’s interesting that this particular bug is
being exploited in any large-scale way on the remaining systems
that are unpatched. It would be highly unusual and almost
consciously unsafe for an administrator to configure their system
in such a way as to make this a problem. But I suppose if it’s
possible, someone will configure it that way.“Here’s our updated page with details:
http://blogs.digium.com/2008/12/06/sip-security-and-asterisk/
John Todd [email protected]
Open Source Community Director
Followup: Asterisk Bug is Old, Fix is Also Old
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis