Gentoo Linux Security Advisory GLSA 200804-13 - Multiple vulnerabilities have been found in Asterisk allowing for SQL injection, session hijacking and unauthorized usage. Versions less than 1.2.27 are affected.
67da6681bc621e1c47a9b59a1836b85459c55a674e2f9489f48e2bca51d3ffd7
Debian Security Advisory 1525-1 - Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.
8a005f5ec36bdbd53917c342d96a68635121d0d7e8a082ff1e7174217e1c231c
Asterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.
8f347c1af72c018f03b4107767873c60b519061e85f1fa9739ca188fc9633316