Earlier this week, the team at Digium published advisories for four new security vulnerabilities:
- AST-2008-002: Two buffer overflows in RTP Codec Payload Handling
- AST-2008-003: Unauthenticated calls allowed from SIP channel driver
- AST-2008-004: Format String Vulnerability in Logger and Manager
- AST-2008-005: HTTP Manager ID is predictable
The solution is, predictably, to upgrade to the latest version of whichever stream of Asterisk you are using.