Home » Gadgets » RTP Bleed: Listen with Asterisk bug phone calls

RTP Bleed: Listen with Asterisk bug phone calls

Monday, September 4th, 2017 | Gadgets

A security breach in the IP telephone system Asterisk allows attackers to intercept telephone calls. The problem occurs when Asterisk is used in a Nat environment. There is a first patch, which is still faulty. Attackers do not need to be in a man-in-the-middle position to take advantage of the vulnerabilities. In addition Asterisk itself is also to be affected RTPProxy.

The error is in the Realtime Transport Stack (RTP). If this is used in a Nat environment, attackers can learn the IP address of the source and mirror the sent packets to their own server. Thus, individual sessions could be recorded.
Attackers can listen
The discoverers Klaus Peter Junghanns and Sandro Gauci write: "The vulnerability can be exploited if an active connection exists and RTP runs over a proxy. To exploit the security gap, the attacker must send an RTP packet to the Asterisk server to one of the for receive RTP ports ". If the target is vulnerable, the Asterisk server would send packets of the current connection to the attacker. The contents of these packages can then be restored as an audio file.

Affected are the Asterisk versions with the version numbers 11.x, 13.x, 14.x and the certified versions 11.6 and 11.3 A patch exists for all versions. The problem is not yet fully resolved, but the time window for a successful attack should be limited to a few milliseconds. According to The Register, the patch is susceptible to a race condition and must therefore be reworked. The discoverers of the security gap recommend Asterisk, if possible, not with the option nat = yes to use.

Incoming search terms:

Related

Hyperloop Global Challenge: Hyperloop On

         display Golem pure Golem.de ohne Werbung nutzenRead more articles on one pageRSS-full-text-feed

WireX: Google removes 300 DDoS apps from

Google has again removed numerous apps from the playstore because they were responsible

AfD in Saxony-Anhalt says Landesparteiag

  … cafetheology.org is an offer of the Ströer Content Group      

Real Madrid In La Liga

Real Madrid In La Liga The Primera División, commonly known as La Liga