VoIP Zero Day

Not surprisingly, Digium has yet to resolve these first two 0days that were released through this site. There is only one reference to the issues on the Digum mailing list.
Please note Tilghman’s response…
“This has already been addressed”
I’m unsure if they are either ignorant to the issue ( a.k.a. Tilghman is ignorant to his own [...]

FOR IMMEDIATE RELEASE
Remote Denial of Service Exploit Effects The Asterisk PBX
Planet Earth (MyGarageCON)—September 26th, 2008, 0420 EDT. VoIP Zero Day, the initiative to improve the quality and security of VoIP applications, today announced another remote Asterisk Denial of Service exploit for public inspection.
iaxControlNewAuthmethods
It is believed the perl script demonstrates a resource exhaustion style [...]

As Digium revs their engine for Astricon, there is now an asterisk 0day segfault now available for public inspection. Feel free to attack your own Asterisk systems, but remember attacking other systems may very well be against the law - at least in America.
We are not liable for any of your actions.
SecurityScraper.com releases: IAXControlNew

For the [...]

Currently, I possess over one dozen additional Asterisk Resource Exhaustion 0days.
Senior staff at Digium was initially notified on 08/17/08 of these discoveries and peer reviewed additional Asterisk Resource Exhaustion issues.
Two days after this, the identical disclosure was sent to additional engineering staff members at Digium. Promises were made that these people would look into [...]

During The Last HOPE an IAX Resource Exhaustion 0day DoS was released for the Asterisk PBX. This 0day was in the wild for 4 days before a patch was released.
During these four days, any attacker could have attacked any publicly accessible Asterisk server and forced it to stop processing all phone calls. What [...]