Asterisk Project Security Advisory - AST-2017-005
Posted: Sun May 06, 2018 6:07 pmIf this has already been covered in a previous thread please let me know.
Here is the potential concern: rtp streams could be hijacked and voip calls eavesdropped on. It seems asterisk has put out patches for versions from 11 up to 14. Here is asterisk’s advisory:
http://seclists.org/fulldisclosure/2017/Aug/43
I just checked my asterisk dialer. It is set to nat=force_rport,comedia and my carrier config has nat=no. But I did recently go from public facing servers to behind nat servers, and I was concerned I might be using nat=yes.
This issue is almost a year old. Is it something that should concern vicibox/vicidial users?
Thanks,
John M
Here is the potential concern: rtp streams could be hijacked and voip calls eavesdropped on. It seems asterisk has put out patches for versions from 11 up to 14. Here is asterisk’s advisory:
http://seclists.org/fulldisclosure/2017/Aug/43
I just checked my asterisk dialer. It is set to nat=force_rport,comedia and my carrier config has nat=no. But I did recently go from public facing servers to behind nat servers, and I was concerned I might be using nat=yes.
This issue is almost a year old. Is it something that should concern vicibox/vicidial users?
Thanks,
John M