Asterisk Project Security Advisory - AST-2017-005

Any and all non-support discussions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Asterisk Project Security Advisory - AST-2017-005

Postby thephaseusa » Sun May 06, 2018 6:07 pm

If this has already been covered in a previous thread please let me know.

Here is the potential concern: rtp streams could be hijacked and voip calls eavesdropped on. It seems asterisk has put out patches for versions from 11 up to 14. Here is asterisk’s advisory:

http://seclists.org/fulldisclosure/2017/Aug/43

I just checked my asterisk dialer. It is set to nat=force_rport,comedia and my carrier config has nat=no. But I did recently go from public facing servers to behind nat servers, and I was concerned I might be using nat=yes.

This issue is almost a year old. Is it something that should concern vicibox/vicidial users?

Thanks,
John M
thephaseusa
 
Posts: 345
Joined: Tue May 16, 2017 2:23 pm

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 52 guests