A flaw in the Asterisk IP PBX platform reported last week could result in a denial-of-service attack that would disrupt a business's VoIP or VoIP-to-PSTN gateway service.
Asterisk is an open-source IP telephony and messaging platform that runs on Linux, BSD and Mac OS X servers. It can be used as a complete office phone system, or to add IP-enabled services (such as messaging or gateways) to a mixed TDM/IP phone network.
A vulnerability in IAX2 (Inter-Asterisk eXchange protocol version 2) could be used to flood an Asterisk IP PBX with bogus calls and make the phone system unavailable, according to the Internet Security Systems (ISS) X-Force Threat Analysis Service, which discovered the bug.
IAX2 is normally used by Asterisk servers to set up and manage calls.

Source: Techworld.com - VoIP server at risk of DDoS attack