This week Digium released three security advisories for vulnerabilities that allow remote authenticated sessions to either crash an Asterisk server or escalate user privileges. The advisories are:
- AST-2012-004 – Asterisk Manager User Unauthorized Shell Access
- AST-2012-005 – Heap Buffer Overflow in Skinny Channel Driver
- AST-2012-006 – Remote Crash Vulnerability in SIP Channel Driver
In all cases the solution is to upgrade to the latest releases of Asterisk Open Source (1.6.2.24, 1.8.11.1 or 10.3.1) or Asterisk Business Edition (C.3.7.4).