Bug#747302: Security flaw: deleted config files get restored
Petr Tomášek
petr.tomasek at evangnet.cz
Wed May 7 10:41:01 UTC 2014
Package: asterisk
Version: 1.8.13.1~dfsg1-3+deb7u3
The Asterisk (open source telephony switching and private branch
exchange service) comes with many example config files in place
which post possible security risk as they configure features which
should not be present on a production system.
Now, if these config files are deleted they are restored by the next
update meaning that the system get screwed and it may lead to a security
problem.
Therfore I'd suggest that config files that are just examples (and not
feasible defaults like e.g. ) all be moved out of the /etc/asterisk to
some documentation directory.
Thanks!
More information about the Pkg-voip-maintainers
mailing list