October 17, 2011 archive

Asterisk Remote Crash Vulnerability in SIP Channel Driver

The folks over at the Digium security team today released security bulletin AST-2011-012 for a remote crash vulnerability in the SIP channel driver. For info about the attack, they state only:

A remote authenticated user can cause a crash with a malformed request due to an uninitialized variable.

An assumption from this statement would be that an UNauthenticated user could not carry out this attack… but I admit to not personally knowing the SIP channel driver of Asterisk enough to be able to stand behind this conclusion.

Regardless, updates have been released in the form of new versions 1.8.7.1 and 10.0.0-rc1.

Awesome Comic -> The Bright Side to the Blackberry Outage

A truly awesome way to start my Monday... courtesy of RWW, this great cartoon from Rob Cottingham showing the "bright side" of the Blackberry outage:

Noisetosignal

Of course, we iPhone owners could have a similar discovery... although whether or not our phone connection would actually work is a different question... (but did any of us truly get an iPhone for the phone piece? ;-)

Great comic, Rob!

