Lucene search

Ubuntu.comUB:CVE-2009-3727

HistoryNov 10, 2009 - 12:00 a.m.

CVE-2009-3727

2009-11-1000:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

85.9%

JSON

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x
before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x
before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2;
AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error
messages depending on whether a SIP username is valid, which allows remote
attackers to enumerate valid usernames via multiple crafted REGISTER
messages with inconsistent usernames in the URI in the To header and the
Digest in the Authorization header.

Bugs

<https://bugs.launchpad.net/ubuntu/karmic/+source/asterisk/+bug/491637>

OSVersionArchitecturePackageVersionFilename
ubuntu9.10noarchasterisk< 1:1.6.2.0~rc2-0ubuntu1.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	9.10	noarch	asterisk	< 1:1.6.2.0~rc2-0ubuntu1.1	UNKNOWN

References

downloads.asterisk.org/pub/security/AST-2009-008.html

launchpad.net/bugs/cve/CVE-2009-3727

nvd.nist.gov/vuln/detail/CVE-2009-3727

security-tracker.debian.org/tracker/CVE-2009-3727

www.cve.org/CVERecord?id=CVE-2009-3727

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.013

Percentile

85.9%

JSON

Related for UB:CVE-2009-3727