Thought this was kewl... found this site off the boards, BTW, thx!

http://www.atstake.com/research/advisories/2003/#091503-1

Quote:

Asterisk is a complete PBX (Private Branch eXchange) in software. It runs on Linux and provides all of the features you would expect from a PBX and more. Asterisk does voice over IP with three protocols (SIP, IAX v1 and v2, and H323), and can interoperate with almost all standards-based telephony equipment using relatively inexpensive hardware.

Call Detail Records (CDRs) are generated by telephony systems in order to perform a number of functions such as billing and rating. CDRs contain a number of fields that identify useful information about the call including source, destination, and other items such as CallerID. These can be generated numerous times during the call to indicate the state of the call as well.

@stake found an issue while conducting a source code review of the CDR logging functionality. It is possible to perform SQL injection if an attacker can supply a malformed CallerID string.

The interesting thing to note about this vulnerability is that it can not only be launched via VoIP protocols, but also through fixed-line connections (i.e. POTS - Plain Old Telephone System).


Back off, man! I'm a scientist... - Peter VenkMann
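
The class of bug the quoted advisory describes, as an added example that is not part of the post, the advisory, or Asterisk's code: a CDR logger that pastes the CallerID into the SQL text, next to one that binds it as a parameter. The SQLite backend, the `cdr` table layout, the function names and both CallerID values are assumptions constructed for illustration; the excerpt does not name the database or the affected code.

```python
import sqlite3

# Hypothetical CDR table; the advisory excerpt does not give the real schema.
SCHEMA = "CREATE TABLE cdr (src TEXT, dst TEXT, clid TEXT, billsec INTEGER)"


def log_cdr_unsafe(db, src, dst, clid, billsec):
    # Vulnerable pattern: the caller-supplied CallerID becomes part of the SQL text.
    sql = ("INSERT INTO cdr (src, dst, clid, billsec) "
           "VALUES ('%s', '%s', '%s', %d)" % (src, dst, clid, billsec))
    db.execute(sql)


def log_cdr_safe(db, src, dst, clid, billsec):
    # Hardened pattern: values are bound as parameters and never parsed as SQL.
    db.execute("INSERT INTO cdr (src, dst, clid, billsec) VALUES (?, ?, ?, ?)",
               (src, dst, clid, billsec))


def stored_rows(logger, clid, billsec=120):
    """Log one 120-second call with `logger` into a fresh in-memory database
    and return what was stored, or the error class if the INSERT failed."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        logger(db, "1001", "1002", clid, billsec)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute("SELECT clid, billsec FROM cdr").fetchall()


# Constructed CallerID values (not taken from the advisory).
BENIGN_QUOTE = '"Pat O\'Neil" <1001>'   # an ordinary name containing a quote
MALFORMED = "x', 0) --"                 # closes the string, rewrites billsec

if __name__ == "__main__":
    for clid in (BENIGN_QUOTE, MALFORMED):
        print(repr(clid))
        print("  unsafe:", stored_rows(log_cdr_unsafe, clid))
        print("  safe:  ", stored_rows(log_cdr_safe, clid))
```

With the string-built statement, the ordinary name loses its record to a syntax error and the malformed value stores a billed duration of 0 instead of 120; with bound parameters both values are stored verbatim as data.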