Lucene search
HistoryJan 14, 2009 - 11:30 p.m.
CVE-2009-0041
cve-2009-0041
asterisk open source
business edition
username enumeration
iax2
remote attackers
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.3%
IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Affected configurations
Node
asteriskasterisk_business_editionRange≤b.2.5.2
ORasteriskasterisk_business_editionRange≤c.1.0beta8
ORasteriskasterisk_business_editionMatcha
ORasteriskasterisk_business_editionMatchb.1.3.2
ORasteriskasterisk_business_editionMatchb.1.3.3
ORasteriskasterisk_business_editionMatchb.2.2.0
ORasteriskasterisk_business_editionMatchb.2.2.1
ORasteriskasterisk_business_editionMatchb.2.3.1
ORasteriskasterisk_business_editionMatchb.2.3.2
ORasteriskasterisk_business_editionMatchb.2.3.3
ORasteriskasterisk_business_editionMatchb.2.3.4
ORasteriskasterisk_business_editionMatchb.2.3.5
ORasteriskasterisk_business_editionMatchb.2.3.6
ORasteriskasterisk_business_editionMatchb.2.5.0
ORasteriskasterisk_business_editionMatchb.2.5.1
ORasteriskasterisk_business_editionMatchb.2.5.3
ORasteriskasterisk_business_editionMatchc.1.0beta7
ORasteriskopen_sourceRange≤1.2.30.4
ORasteriskopen_sourceRange≤1.4.23rc3
ORasteriskopen_sourceRange≤1.6.0.3rc1
ORasteriskopen_sourceMatch1.2.0
ORasteriskopen_sourceMatch1.2.0beta1
ORasteriskopen_sourceMatch1.2.0beta2
ORasteriskopen_sourceMatch1.2.0rc1
ORasteriskopen_sourceMatch1.2.0rc2
ORasteriskopen_sourceMatch1.2.0beta1
ORasteriskopen_sourceMatch1.2.0beta2
ORasteriskopen_sourceMatch1.2.1
ORasteriskopen_sourceMatch1.2.2
ORasteriskopen_sourceMatch1.2.2netsec
ORasteriskopen_sourceMatch1.2.3
ORasteriskopen_sourceMatch1.2.3netsec
ORasteriskopen_sourceMatch1.2.10
ORasteriskopen_sourceMatch1.2.10netsec
ORasteriskopen_sourceMatch1.2.11
ORasteriskopen_sourceMatch1.2.11netsec
ORasteriskopen_sourceMatch1.2.12
ORasteriskopen_sourceMatch1.2.12netsec
ORasteriskopen_sourceMatch1.2.12.1
ORasteriskopen_sourceMatch1.2.12.1netsec
ORasteriskopen_sourceMatch1.2.13
ORasteriskopen_sourceMatch1.2.13netsec
ORasteriskopen_sourceMatch1.2.14
ORasteriskopen_sourceMatch1.2.14netsec
ORasteriskopen_sourceMatch1.2.15
ORasteriskopen_sourceMatch1.2.15netsec
ORasteriskopen_sourceMatch1.2.16
ORasteriskopen_sourceMatch1.2.16netsec
ORasteriskopen_sourceMatch1.2.17
ORasteriskopen_sourceMatch1.2.17netsec
ORasteriskopen_sourceMatch1.2.18
ORasteriskopen_sourceMatch1.2.18netsec
ORasteriskopen_sourceMatch1.2.19
ORasteriskopen_sourceMatch1.2.19netsec
ORasteriskopen_sourceMatch1.2.20
ORasteriskopen_sourceMatch1.2.20netsec
ORasteriskopen_sourceMatch1.2.21
ORasteriskopen_sourceMatch1.2.21netsec
ORasteriskopen_sourceMatch1.2.21.1
ORasteriskopen_sourceMatch1.2.21.1netsec
ORasteriskopen_sourceMatch1.2.22
ORasteriskopen_sourceMatch1.2.22netsec
ORasteriskopen_sourceMatch1.2.23
ORasteriskopen_sourceMatch1.2.23netsec
ORasteriskopen_sourceMatch1.2.24
ORasteriskopen_sourceMatch1.2.24netsec
ORasteriskopen_sourceMatch1.2.25
ORasteriskopen_sourceMatch1.2.25netsec
ORasteriskopen_sourceMatch1.2.26
ORasteriskopen_sourceMatch1.2.26netsec
ORasteriskopen_sourceMatch1.2.26.1
ORasteriskopen_sourceMatch1.2.26.1netsec
ORasteriskopen_sourceMatch1.2.26.2
ORasteriskopen_sourceMatch1.2.26.2netsec
ORasteriskopen_sourceMatch1.2.27
ORasteriskopen_sourceMatch1.2.28
ORasteriskopen_sourceMatch1.2.29
ORasteriskopen_sourceMatch1.2.30
ORasteriskopen_sourceMatch1.2.30.2
ORasteriskopen_sourceMatch1.2.30.3
ORasteriskopen_sourceMatch1.4.0
ORasteriskopen_sourceMatch1.4.0beta2
ORasteriskopen_sourceMatch1.4.0beta3
ORasteriskopen_sourceMatch1.4.0beta4
ORasteriskopen_sourceMatch1.4.1
ORasteriskopen_sourceMatch1.4.2
ORasteriskopen_sourceMatch1.4.3
ORasteriskopen_sourceMatch1.4.4
ORasteriskopen_sourceMatch1.4.5
ORasteriskopen_sourceMatch1.4.6
ORasteriskopen_sourceMatch1.4.7
ORasteriskopen_sourceMatch1.4.7.1
ORasteriskopen_sourceMatch1.4.8
ORasteriskopen_sourceMatch1.4.9
ORasteriskopen_sourceMatch1.4.10
ORasteriskopen_sourceMatch1.4.10.1
ORasteriskopen_sourceMatch1.4.11
ORasteriskopen_sourceMatch1.4.12
ORasteriskopen_sourceMatch1.4.12.1
ORasteriskopen_sourceMatch1.4.13
ORasteriskopen_sourceMatch1.4.14
ORasteriskopen_sourceMatch1.4.15
ORasteriskopen_sourceMatch1.4.16
ORasteriskopen_sourceMatch1.4.16.1
ORasteriskopen_sourceMatch1.4.16.2
ORasteriskopen_sourceMatch1.4.17
ORasteriskopen_sourceMatch1.4.18
ORasteriskopen_sourceMatch1.4.18.1
ORasteriskopen_sourceMatch1.4.19
ORasteriskopen_sourceMatch1.4.19rc1
ORasteriskopen_sourceMatch1.4.19rc2
ORasteriskopen_sourceMatch1.4.19rc3
ORasteriskopen_sourceMatch1.4.19rc4
ORasteriskopen_sourceMatch1.4.19.1
ORasteriskopen_sourceMatch1.4.19.2
ORasteriskopen_sourceMatch1.4.20
ORasteriskopen_sourceMatch1.4.20rc1
ORasteriskopen_sourceMatch1.4.20rc2
ORasteriskopen_sourceMatch1.4.20rc3
ORasteriskopen_sourceMatch1.4.21
ORasteriskopen_sourceMatch1.4.21rc1
ORasteriskopen_sourceMatch1.4.21rc2
ORasteriskopen_sourceMatch1.4.21.1
ORasteriskopen_sourceMatch1.4.21.2
ORasteriskopen_sourceMatch1.4.22
ORasteriskopen_sourceMatch1.4.22rc3
ORasteriskopen_sourceMatch1.4.22rc4
ORasteriskopen_sourceMatch1.4.22.1
ORasteriskopen_sourceMatch1.4.22.2
ORasteriskopen_sourceMatch1.4.23
ORasteriskopen_sourceMatch1.4.23rc1
ORasteriskopen_sourceMatch1.4.23rc2
ORasteriskopen_sourceMatch1.4_revision_95946
ORasteriskopen_sourceMatch1.4beta
ORasteriskopen_sourceMatch1.6.0beta1
ORasteriskopen_sourceMatch1.6.0beta2
ORasteriskopen_sourceMatch1.6.0beta3
ORasteriskopen_sourceMatch1.6.0beta4
ORasteriskopen_sourceMatch1.6.0beta5
ORasteriskopen_sourceMatch1.6.0beta7
ORasteriskopen_sourceMatch1.6.0beta7.1
ORasteriskopen_sourceMatch1.6.0beta8
ORasteriskopen_sourceMatch1.6.0beta9
ORasteriskopen_sourceMatch1.6.0rc4
ORasteriskopen_sourceMatch1.6.0rc5
ORasteriskopen_sourceMatch1.6.0rc6
ORasteriskopen_sourceMatch1.6.0.1
ORasteriskopen_sourceMatch1.6.0.2
ORasteriskopen_sourceMatch1.6.0.3
ORasterisks800i_applianceMatch1.2
References
downloads.digium.com/pub/security/AST-2009-001.html
secunia.com/advisories/33453
secunia.com/advisories/34982
secunia.com/advisories/37677
security.gentoo.org/glsa/glsa-200905-01.xml
securityreason.com/securityalert/4910
www.debian.org/security/2009/dsa-1952
www.securityfocus.com/archive/1/499884/100/0/threaded
www.securityfocus.com/bid/33174
www.securitytracker.com/id?1021549
www.vupen.com/english/advisories/2009/0063
Related
openvas
openvas
Fedora Core 9 FEDORA-2009-0973 (asterisk)
2009-02-13 00:00:00
Fedora Core 10 FEDORA-2009-0984 (asterisk)
2009-02-13 00:00:00
Fedora Core 10 FEDORA-2009-0984 (asterisk)
2009-02-13 00:00:00
prion
prion
Code injection
2009-01-14 23:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: asterisk-1.6.0.5-2.fc10
2009-02-13 04:37:03
[SECURITY] Fedora 9 Update: dahdi-tools-2.0.0-1.fc9
2009-02-13 04:56:19
[SECURITY] Fedora 9 Update: libresample-0.1.3-9.fc9
2009-02-13 04:56:19
securityvulns
securityvulns
Asterisk user account enumeration
2009-01-09 00:00:00
AST-2009-001: Information leak in IAX2 authentication
2009-01-09 00:00:00
cvelist
cvelist
CVE-2009-0041
2009-01-14 23:00:00
nvd
nvd
CVE-2009-0041
2009-01-14 23:30:00
debiancve
debiancve
CVE-2009-0041
2009-01-14 23:30:00
nessus
nessus
seebug
seebug
Asterisk IAX2认证响应信息泄露漏洞
2009-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2009-0041
2009-01-14 00:00:00
debian
debian
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities
2009-12-15 13:06:23
osv
osv
asterisk - several vulnerabilities
2009-12-15 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2009-05-02 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.3%
Related for CVE-2009-0041