VoIP Zero Day

Despite a recent warning from the FBI, the attack method used to breach an Asterisk PBX to launch Vishing attacks was probably not an 0day.

PCWorld quoted a Digium rep as saying that a buffer overflow attack would be very hard to pull off.  Sounds like he’s stuck on a document from 1996.
If you do receive [...]

Not surprisingly, Digium has yet to resolve these first two 0days that were released through this site. There is only one reference to the issues on the Digum mailing list.
Please note Tilghman’s response…
“This has already been addressed”
I’m unsure if they are either ignorant to the issue ( a.k.a. Tilghman is ignorant to his own [...]

FOR IMMEDIATE RELEASE
Remote Denial of Service Exploit Effects The Asterisk PBX
Planet Earth (MyGarageCON)—September 26th, 2008, 0420 EDT. VoIP Zero Day, the initiative to improve the quality and security of VoIP applications, today announced another remote Asterisk Denial of Service exploit for public inspection.
iaxControlNewAuthmethods
It is believed the perl script demonstrates a resource exhaustion style [...]

As Digium revs their engine for Astricon, there is now an asterisk 0day segfault now available for public inspection. Feel free to attack your own Asterisk systems, but remember attacking other systems may very well be against the law - at least in America.
We are not liable for any of your actions.
SecurityScraper.com releases: IAXControlNew

For the [...]

VoIP technology is beyond mainstream. Digital Packet Voice Over IP has found its way into the homes and minds of middle America at home and at the office. Any business not using VoIP has at least considered it.
Considering that all American VoIP providers must provide proper E911 transport mechanisms, VoIP technology is undeniably [...]