[asterisk-bugs] [Asterisk 0015076]: Early media bridged from caller to callee allows free calls
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon May 11 16:11:00 CDT 2009
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=15076
======================================================================
Reported By: fnordian
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 15076
Category: Applications/app_dial
Reproducibility: always
Severity: minor
Priority: normal
Status: new
Asterisk Version: SVN
Regression: No
SVN Branch (only for SVN checkouts, not tarball releases): 1.6.1
SVN Revision (number only!): 185949
Request Review:
======================================================================
Date Submitted: 2009-05-11 06:15 CDT
Last Modified: 2009-05-11 16:11 CDT
======================================================================
Summary: Early media bridged from caller to callee allows
free calls
Description:
Hi,
german security press reported about this last week (
http://www.heise.de/security/Lauschangriff-in-VoIP-Netzen--/artikel/137297
). The problem occurs on receiving a call and placing it to an user.
Ringing and session progress data are bridged from the callee to the caller
and that's good. The bad thing is that media-data from the caller is
forwarded to the callee. This allows among other problems free calls. I
learned that this might be wanted behavior e.g. for call centers, but it's
not good for gateways.
There should be an option for Dial() to disable the forwarding of
media-data to the callee during call-setup.
======================================================================
----------------------------------------------------------------------
(0104554) tilghman (administrator) - 2009-05-11 16:11
http://bugs.digium.com/view.php?id=15076#c104554
----------------------------------------------------------------------
You're talking about the design of early media, and it is functioning as
designed. While it may not function the way you'd like, it is not a
security hole. At best, this is a feature request requesting early media
to be turned off.
Issue History
Date Modified Username Field Change
======================================================================
2009-05-11 16:11 tilghman Note Added: 0104554
======================================================================
More information about the asterisk-bugs
mailing list