Last week, information was published about one of the vulnerabilities of the Asterisk service. Security experts from the company Enable Security warn that it can be more serious than it seemed at first glance. Vulnerability allows to intercept calls in the popular IP-telephony service.

The vulnerability, called "RTPbleed", first appeared in September 2011, the same month it was fixed, but then it was discovered again in 2013.

The problem occurs during Network Address Translation (NAT). In Asterisk, a vulnerability can be exploited when the system is configured to support the translation of IP addresses (nat = yes and strictrtp = yes options). This is the default configuration, since NAT is fairly common.

The peculiarity of this error lies in the fact that the attacker does not need to be between the two ends of the conversation - a system with a vulnerable implementation of RTP itself will send him packets of information.

To exploit the vulnerability, an attacker should send specially crafted RTP packets to the Asterisk server port available from the Internet and force the vulnerable application to send a copy of all IP traffic to the remote server.

The patch released by Asterisk limits the vulnerability window to the first few milliseconds. Nevertheless, an attacker can still use the error if it continuously sends RTP packets.