CVE-2009-3727
N/A
N/A
Summary
Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://secunia.com/advisories/37265
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
- http://secunia.com/advisories/37479
- http://secunia.com/advisories/37677
- http://www.debian.org/security/2009/dsa-1952
- https://bugzilla.redhat.com/show_bug.cgi?id=523277
- https://bugzilla.redhat.com/show_bug.cgi?id=533137
- http://www.securityfocus.com/bid/36924
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
- http://osvdb.org/59697
- http://downloads.asterisk.org/pub/security/AST-2009-008.html
- http://www.securitytracker.com/id?1023133
References
- http://secunia.com/advisories/37265
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00838.html
- http://secunia.com/advisories/37479
- http://secunia.com/advisories/37677
- http://www.debian.org/security/2009/dsa-1952
- https://bugzilla.redhat.com/show_bug.cgi?id=523277
- https://bugzilla.redhat.com/show_bug.cgi?id=533137
- http://www.securityfocus.com/bid/36924
- https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00789.html
- http://osvdb.org/59697
- http://downloads.asterisk.org/pub/security/AST-2009-008.html
- http://www.securitytracker.com/id?1023133
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.