[Asterisk-Security] Multiple Vulnerabilities in Asterisk
1.2.10 (Fixed in 1.2.11)
Duane
duane at e164.org
Sun Aug 27 07:08:30 MST 2006
On Sun, 2006-08-27 at 09:04 -0500, Kevin P. Fleming wrote:
> And anyone who wants to provide one is welcome to do so. The lack of one being available is not a vulnerability, though, since the administrator can easily avoid the issue.
Actually many would consider it to be a vulnerability in the same way
they did before languages such as php/perl provided functions like
escapeshellarg()...
--
Best regards,
Duane
http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP
"In the long run the pessimist may be proved right,
but the optimist has a better time on the trip."
More information about the Asterisk-Security
mailing list