Alpine: multiple asterisk packages: security update to 14.6.1-r0 (deprecated)

high Tenable Cloud Security Plugin ID 400811

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and
Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized data disclosure
(media takeover in the RTP stack) is possible with careful timing by an attacker. The "strictrtp" option
in rtp.conf enables a feature of the RTP stack that learns the source address of media for a session and
drops any packets that do not originate from the expected address. This option is enabled by default in
Asterisk 11 and above. The "nat" and "rtp_symmetric" options (for chan_sip and chan_pjsip, respectively)
enable symmetric RTP support in the RTP stack. This uses the source address of incoming media as the
target address of any sent media. This option is not enabled by default, but is commonly enabled to handle
devices behind NAT. A change was made to the strict RTP support in the RTP stack to better tolerate late
media when a reinvite occurs. When combined with the symmetric RTP support, this introduced an avenue
where media could be hijacked. Instead of only learning a new address when expected, the new code allowed
a new source address to be learned at all times. If a flood of RTP traffic was received, the strict RTP
support would allow the new address to provide media, and (with symmetric RTP enabled) outgoing traffic
would be sent to this new address, allowing the media to be hijacked. Provided the attacker continued to
send traffic, they would continue to receive traffic as well. (CVE-2017-14099)

See Also

https://git.alpinelinux.org/aports/commit/?id=506d3af9a81cf3d9bdb8f84ff87b31f1e1b9bd98

https://git.alpinelinux.org/aports/commit/?id=fe8baeade3b3c53c3e3eba69adc9bfd6fdcd22e9

Plugin Details

Severity: High

ID: 400811

Version: Revision 1.23

Type: Local

Published: 8/16/2023

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2017-14099

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 9/20/2017

Vulnerability Publication Date: 8/31/2017

Reference Information

CVE: CVE-2017-14099

BID: 100669

IAVA: 2017-A-0260-S