[VOIPSEC] AST-2009-010: RTP Remote Crash Vulnerability
Dan York
dyork at voxeo.com
Mon Nov 30 16:42:19 CST 2009
David,
Thanks for sending the advisory to VOIPSEC. One question about this
part:
On Nov 30, 2009, at 4:58 PM, Asterisk Security Team wrote:
>
>
> +
> ------------------------------------------------------------------------+
> | Description | An attacker sending a valid RTP comfort noise
> payload |
> | | containing a data length of 24 bytes or greater
> can |
> | | remotely crash
> Asterisk. |
>
> +
> ------------------------------------------------------------------------+
Presumably the attacker would have to be in a call to the Asterisk
system, correct? i.e. the attacker would have to call into the
Asterisk box over an IP connection (SIP or IAX?) and start streaming
RTP and then send the bogus packet. (Or inject themself into the
middle of an existing RTP stream and insert the bogus RTP packet.)
So the mitigating circumstance would be that the Asterisk system must
accept calls over IP connections. Asterisk systems that only connect
to the PSTN (either through local cards or authenticated/secured SIP
trunks) would not be open to this attack, correct? (unless an
attacker could do a MITM attack on the SIP trunk)
Thanks,
Dan (who is not currently running an Asterisk system but has friends
who are)
--
Dan York, Director of Conversations
Voxeo Corporation http://www.voxeo.com dyork at voxeo.com
Phone: +1-407-455-5859 Skype: danyork
Join the Voxeo conversation:
Blogs: http://blogs.voxeo.com
Twitter: http://twitter.com/voxeo http://twitter.com/danyork
Facebook: http://www.facebook.com/voxeo
More information about the Voipsec
mailing list