Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1332 to the following vulnerability: Asterisk Project Security Advisory - AST-2008-003 Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf. References: http://downloads.digium.com/pub/security/AST-2008-003.html
asterisk-1.4.18.1-1.fc8 has been submitted as an update for Fedora 8
asterisk-1.4.18.1-1.fc7 has been submitted as an update for Fedora 7
asterisk-1.4.18.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
asterisk-1.4.18.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-2620 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-2554