asterisk users - Jul 2022 - Asterisk IP PBX VoIP Servers Hacked by Hackers

I am using freepbx latest 16 version -- am I subject to this problem?
I am not using elastics, but I installed on a Debian bullseye server,
so this is of definite concern to me.

Thanks.

On Mon, 18 Jul 2022 06:45:41 -0400,
Joshua C. Colp wrote:
> 
> [1  <multipart/alternative (7bit)>]
> [1.1  <text/plain; UTF-8 (7bit)>]
> On Mon, Jul 18, 2022 at 7:43 AM Turritopsis Dohrnii Teo En Ming <
> ceo at teo-en-ming.com> wrote:
> 
> >
> > Dear Joshua Colp,
> >
> > Noted with thanks. So the vulnerability is not related to the Asterisk
> > open source project at all?
> >
> 
> It is not. The vulnerability mentioned is regarding FreePBX and Elastix,
> which do use Asterisk but the vulnerability has nothing to do with Asterisk
> itself.
> 
> -- 
> Joshua C. Colp
> Asterisk Project Lead
> Sangoma Technologies
> Check us out at www.sangoma.com and www.asterisk.org
> [1.2  <text/html; UTF-8 (quoted-printable)>]
> [2  <text/plain; utf-8 (base64)>]
> -- 
> _____________________________________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
> 
> Check out the new Asterisk community forum at:
https://community.asterisk.org/
> 
> New to Asterisk? Start here:
>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

         John Covici wb2una
         covici at ccs.covici.com

On Mon, Jul 18, 2022 at 9:02 AM John Covici <covici at ccs.covici.com>
wrote:
> I am using freepbx latest 16 version -- am I subject to this problem?
> I am not using elastics, but I installed on a Debian bullseye server,
> so this is of definite concern to me.
>
> Thanks.
>
The forum post I linked is where this is being discussed, and any updates
would occur there.

-- 
Joshua C. Colp
Asterisk Project Lead
Sangoma Technologies
Check us out at www.sangoma.com and www.asterisk.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20220718/ca815916/attachment.html>

On 2022-07-18 20:02, John Covici wrote:
> I am using freepbx latest 16 version -- am I subject to this problem?
> I am not using elastics, but I installed on a Debian bullseye server,
> so this is of definite concern to me.
> 
> Thanks.
> 
> On Mon, 18 Jul 2022 06:45:41 -0400,
> Joshua C. Colp wrote:
>> 
>> [1  <multipart/alternative (7bit)>]
>> [1.1  <text/plain; UTF-8 (7bit)>]
>> On Mon, Jul 18, 2022 at 7:43 AM Turritopsis Dohrnii Teo En Ming <
>> ceo at teo-en-ming.com> wrote:
>> 
>> >
>> > Dear Joshua Colp,
>> >
>> > Noted with thanks. So the vulnerability is not related to the
Asterisk
>> > open source project at all?
>> >
>> 
>> It is not. The vulnerability mentioned is regarding FreePBX and 
>> Elastix,
>> which do use Asterisk but the vulnerability has nothing to do with 
>> Asterisk
>> itself.
>> 
>> --
>> Joshua C. Colp
>> Asterisk Project Lead
>> Sangoma Technologies
>> Check us out at www.sangoma.com and www.asterisk.org
>> [1.2  <text/html; UTF-8 (quoted-printable)>]
>> [2  <text/plain; utf-8 (base64)>]
>> --
>> _____________________________________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>> 
>> Check out the new Asterisk community forum at: 
>> https://community.asterisk.org/
>> 
>> New to Asterisk? Start here:
>>       https://wiki.asterisk.org/wiki/display/AST/Getting+Started
>> 
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-users
I am also using FreePBX, but I forgot which version already.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
19 July 2022 Tuesday