Open source Asterisk IP PBX needs patches to fix flaws

Vulnerabilities can lead to crashes, unathenticated calls

Businesses using open-source Asterisk-based IP PBXs should check whether to update the software version they are using in order to rid themselves of vulnerabilities that could compromise the systems.

Attackers can exploit the two vulnerabilities to launch buffer-overflow attacks, hijack calls and make unauthenticated calls.

The Asterisk Development Team has issued patches for four versions of Asterisk affected by vulnerabilities.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Businesses using open-source Asterisk-based IP PBXs should check whether to update the software version they are using in order to rid themselves of vulnerabilities that could compromise the systems.

Attackers can exploit the two vulnerabilities to launch buffer-overflow attacks, hijack calls and make unauthenticated calls.

The Asterisk Development Team has issued patches for four versions of Asterisk affected by vulnerabilities.

No actual exploits based on the vulnerabilities has been reported.

Open source Asterisk is free for download and is also used as the basis for commercial PBXs and peripheral software such as call centers. The creators of this PBX sell a commercial version under the name Digium.

Read more about software in Network World's Software section.