asterisk -- RTP/RTCP information leak
The Asterisk project reports:
This is a follow up advisory to AST-2017-005.
Insufficient RTCP packet validation could allow reading
stale buffer contents and when combined with the "nat"
and "symmetric_rtp" options allow redirecting where
Asterisk sends the next RTCP report.
The RTP stream qualification to learn the source address
of media always accepted the first RTP packet as the new
source and allowed what AST-2017-005 was mitigating. The
intent was to qualify a series of packets before accepting
the new source address.
The RTP/RTCP stack will now validate RTCP packets before processing them.
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright