
Asterisk Peer IAX2 Call Handling ACL Rule Bypass (AST-2012-013)

Medium

Synopsis

The remote VoIP server is affected by a security bypass vulnerability.

Description

According to its SIP banner, the version of Asterisk running on the remote host is potentially affected by a vulnerability that could allow a remote, authenticated attacker to bypass access controls on outbound calls.

An attacker who uses peer credentials defined in a dynamic Asterisk Realtime Architecture (ARA) backend can bypass Inter-Asterisk eXchange (IAX2) outbound call restrictions.

Solution

Upgrade to Asterisk 1.8.15.1 / 10.7.1 or apply the patches listed in the Asterisk advisory.
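
The banner-based check described above can be reproduced against an inventory of collected SIP banners. The following is an added example, not the plugin's or the Asterisk project's own code; it assumes banners of the form `Asterisk PBX <version>`, uses only the two fixed releases named in the Solution, and its function name and sample banners are constructed for illustration.

```python
import re

# Fixed releases named in the Solution section, keyed by release branch.
FIXED = {(1, 8): (1, 8, 15, 1), (10,): (10, 7, 1)}

# Version token in a SIP Server/User-Agent header (assumed banner format).
BANNER_RE = re.compile(r"Asterisk(?: PBX)?[ /]+(\d+(?:\.\d+)*)(\S*)", re.I)


def classify(banner):
    """Return 'fixed', 'potentially affected' or 'unknown' for one banner."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown"          # not an Asterisk banner, or version hidden
    if m.group(2):
        return "unknown"          # suffix such as -rc1 or -cert1: not comparable here
    version = tuple(int(p) for p in m.group(1).split("."))
    for branch, fixed in FIXED.items():
        if version[:len(branch)] == branch:
            # Pad both tuples so 1.8.15 compares as 1.8.15.0.
            width = max(len(version), len(fixed))
            v = version + (0,) * (width - len(version))
            f = fixed + (0,) * (width - len(fixed))
            return "fixed" if v >= f else "potentially affected"
    return "unknown"              # branch not covered by this page


if __name__ == "__main__":
    # Constructed sample banners, as they might appear in a SIP OPTIONS reply.
    samples = [
        "Server: Asterisk PBX 1.8.14.0",
        "User-Agent: Asterisk PBX 1.8.15.1",
        "Server: Asterisk PBX 10.6.0",
        "Server: Asterisk PBX 1.8.15-cert1",
        "Server: Kamailio",
    ]
    for banner in samples:
        print(f"{classify(banner):22} {banner}")
```

A "potentially affected" result reflects the banner only; whether the host is exposed still depends on IAX2 peers being defined in a dynamic ARA backend, which a banner cannot show.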