Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2007-6430
Last Modified: 07 Mar 2011 10:02:42
Published: 19 Dec 2007 09:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6430

Summary

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Vulnerable Systems

Application

  • Asterisk Business Edition B.1.3.2

  • Asterisk Business Edition B.1.3.3

  • Asterisk Business Edition B.2.2.0

  • Asterisk Business Edition B.2.2.1

  • Asterisk Business Edition B.2.3.1

  • Asterisk Business Edition B.2.3.2

  • Asterisk Business Edition B.2.3.3

  • Asterisk Business Edition B.2.3.4

  • Asterisk Business Edition C.1.0beta7

  • Asterisk Open Source 1.2.0beta1

  • Asterisk Open Source 1.2.0beta2

  • Asterisk Open Source 1.2.10

  • Asterisk Open Source 1.2.11

  • Asterisk Open Source 1.2.13

  • Asterisk Open Source 1.2.14

  • Asterisk Open Source 1.2.15

  • Asterisk Open Source 1.2.16

  • Asterisk Open Source 1.2.17

  • Asterisk Open Source 1.2.18

  • Asterisk Open Source 1.2.19

  • Asterisk Open Source 1.2.21

  • Asterisk Open Source 1.2.22

  • Asterisk Open Source 1.2.23

  • Asterisk Open Source 1.2.24

  • Asterisk Open Source 1.2.25

  • Asterisk Open Source 1.2.5

  • Asterisk Open Source 1.2.6

  • Asterisk Open Source 1.2.7

  • Asterisk Open Source 1.2.8

  • Asterisk Open Source 1.2.9

  • Asterisk Open Source 1.4.1

  • Asterisk Open Source 1.4.10

  • Asterisk Open Source 1.4.11

  • Asterisk Open Source 1.4.12

  • Asterisk Open Source 1.4.13

  • Asterisk Open Source 1.4.14

  • Asterisk Open Source 1.4.15

  • Asterisk Open Source 1.4.2

  • Asterisk Open Source 1.4.3

  • Asterisk Open Source 1.4.4

  • Asterisk Open Source 1.4.5

  • Asterisk Open Source 1.4.6

  • Asterisk Open Source 1.4.7

  • Asterisk Open Source 1.4.8

  • Asterisk Open Source 1.4.9

  • Asterisk Open Source 1.4beta


References

XF - asterisk-registration-security-bypass(39124)

VUPEN - ADV-2007-4260

SECTRACK - 1019110

BID - 26928

BUGTRAQ - 20071218 AST-2007-027 - Database matching order permits host-based authentication to be ignored

SECUNIA - 28149

CONFIRM - http://downloads.digium.com/pub/security/AST-2007-027.html

OSVDB - 39519

DEBIAN - DSA-1525

SREASON - 3467

GENTOO - GLSA-200804-13

SECUNIA - 29782

SECUNIA - 29456

SECUNIA - 29242

SUSE - SUSE-SR:2008:005


Last Updated: 27 May 2016 10:46:30