
Asterisk bugs make a right mess of RTP

  • September 1, 2017
  • 2 replies
  • 209 views

Jasper_The_Rasper
Moderator

IP telephony server discloses three vulns, one critical. You know what to do next

1st September 2017 By Richard Chirgwin

Admins of the popular IP telephony application Asterisk have a lovely end to the week ahead of them - there's two moderate vulnerabilities, and one critical mess, that need patches.
 
The worst of the three is this one: a bug in the Realtime Transport Protocol (RTP) stack that exposes a system to information disclosure.
 
The problem came about as a result of a change to the system's strict RTP implementation, designed to handle network issues more smoothly.
 
Full Article.

2 replies

  • Community Guide
  • 5988 replies
  • September 1, 2017
So..................pull the plug on the land phone, go cellular route. Land phones today are becoming more and more obsolete.

Jasper_The_Rasper
Moderator

Thanks for using Asterisk. Your call is transparent to us, so stay on the line to get p0wned

By Richard Chirgwin 3 Sep 2017

One of the Asterisk bugs published last week is worse than first thought: Enable Security warns it exposes the popular IP telephony system to stream injection and interception without an attacker holding a man-in-the-middle position.
 
A reader (@kapejod, who collaborated with @sandrogauci on the work) alerted The Register to this advisory last published Friday.
 
In it, Enable Security explains that a bug it's dubbed “RTPbleed” (the “RTP” stands for Real Time Protocol) which first emerged in September 2011, was patched in the same month, but was then reintroduced in 2013. As this page states, it doesn't only affect Asterisk, because the bug's in RTP proxy code.
 
Full Article.