Friends,
Last week, Hans Petter Selansky alerted us to a potential security issue in all releases of Asterisk. In fact, it doesn't involve the code, but the most common way to construct dialplans. If you have something like this in your Asterisk dialplan, you need to update your dialplans:
[incoming-from-voip]
exten => _X., 1, dial(SIP/${EXTEN})
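To find where a dialplan has "something like this", the following added example (not from the original post) scans dialplan text for `exten =>` lines where an open pattern such as `_X.` passes `${EXTEN}` straight into Dial(); the `.` wildcard matches any characters, not only digits. It assumes two common remedies count as safe, wrapping the value in Asterisk's FILTER() dialplan function or using a fixed-length digit pattern, and the `incoming-filtered` and `incoming-fixed-length` contexts are constructed sample input.

```python
import re

# exten => pattern,priority,application(args)
EXTEN_RE = re.compile(r'^\s*exten\s*=>?\s*([^,]+),([^,]+),\s*(\w+)\((.*)\)\s*$', re.I)
CONTEXT_RE = re.compile(r'^\s*\[([^\]]+)\]')
# ${EXTEN} (or ${EXTEN:n}) already wrapped in FILTER(allowed-chars,...)
FILTERED_RE = re.compile(r'\$\{FILTER\([^,]*,\$\{EXTEN[^}]*\}\)\}')

# Constructed sample: the first context is the pattern shown in the post,
# the other two are assumed hardened variants added for comparison.
SAMPLE = """\
[incoming-from-voip]
exten => _X., 1, dial(SIP/${EXTEN})
[incoming-filtered]
exten => _X.,1,Dial(SIP/${FILTER(0-9,${EXTEN})})
[incoming-fixed-length]
exten => _XXXX,1,Dial(SIP/${EXTEN})
"""

def is_open_pattern(pattern):
    """True for pattern extensions whose '.' or '!' wildcard matches any characters."""
    pattern = pattern.strip()
    if not pattern.startswith('_'):
        return False
    outside_sets = re.sub(r'\[[^\]]*\]', '', pattern)  # ignore [..] character sets
    return '.' in outside_sets or '!' in outside_sets

def audit_dialplan(text):
    """Return (line number, context, line) for Dial() calls fed an unfiltered ${EXTEN}."""
    findings, context = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(';', 1)[0].rstrip()  # drop dialplan comments
        m = CONTEXT_RE.match(line)
        if m:
            context = m.group(1)
            continue
        m = EXTEN_RE.match(line)
        if not m:
            continue
        pattern, _prio, app, args = m.groups()
        if app.lower() != 'dial' or not is_open_pattern(pattern):
            continue
        if '${EXTEN' in FILTERED_RE.sub('', args):  # still unfiltered after removing FILTER()
            findings.append((lineno, context, line.strip()))
    return findings

if __name__ == '__main__':
    for lineno, context, line in audit_dialplan(SAMPLE):
        print(f'line {lineno} [{context}]: {line}')
```

The check only covers `exten =>` lines that call Dial() directly; `same =>` lines and values copied into other variables first need a manual review.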
Many VoIP protocols support a large character set that may cause harm in your dialplan
====================================================================
I've written an article about this on my blog, where my summary says: