SYSADMINMAN

Last December the IC3 issued an alert for Asterisk users whch can be seen here.

This initially caused a panic amongst the developers as it wasn’t really clear what the alert was about. It turns out that it was for a vulnerability that was indentified and patched by Digum 9 months earlier. IC3 issued an updated buliten shortly after describing the issue a little better which can be seen here

I’m still seeing this alert being used to try and discourage people from using Asterisk but as far as I can see it’s just a normal security warning that was quickly identified and fixed by the software developer.

If you’d like to read more information there’s a good post here regarding this – http://blog.tmcnet.com/blog/tom-keating/asterisk/digium-responds-to-fbi-vhishing-security-warning-about-asterisk.asp and, as always, keep your software patched!

Related posts:

1. Asterisk/FreePBX dial plan injection vulnerability
2. Asterisk upgrade breaks IAX extensions
3. Hacking and securing your Asterisk server