Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2536

Опубликовано: 06 июл. 2011
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:digium:asterisk:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:beta5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.1.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.2.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.3.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.8.4.3:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:digium:asterisk:1.6.2.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc6:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc7:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.0:rc8:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.1:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.3:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.6:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.15:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.16.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.17.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.18:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.18:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.6.2.18.1:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:digium:asterisk:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.12:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.13:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.14:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.15:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.17:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.18:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.26.3:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc4:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27:rc5:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.27.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.28:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.28:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.29.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.30:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.31:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.32:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.32:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.33.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.34:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.35:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.35:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.36:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.36:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.37:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.37:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.38:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.38:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.39.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc2:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40:rc3:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40.1:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.40.2:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41:*:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41:rc1:*:*:*:*:*:*
cpe:2.3:a:digium:asterisk:1.4.41.1:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:digium:asterisk:c.3.0:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.1.1:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.2.2:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.2.3:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.3.2:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.6.2:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.6.3:-:business:*:*:*:*:*
cpe:2.3:a:digium:asterisk:c.3.6.4:-:business:*:*:*:*:*

EPSS

Процентиль: 41%
0.00187
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2011-2536

ubuntu
больше 14 лет назад

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

debian логотип

CVE-2011-2536

debian
больше 14 лет назад

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x bef ...

github логотип

GHSA-939c-fxc3-rc2x

github
больше 3 лет назад

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

EPSS

Процентиль: 41%
0.00187
Низкий

5 Medium

CVSS2

Дефекты

CWE-200
Уязвимость CVE-2011-2536