CVE Vulnerabilities

CVE-2011-2666

Published: Jul 06, 2011 | Modified: Aug 29, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
LOW

The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.

Affected Software

Name Vendor Start Version End Version
Asterisk Digium 1.6.2.0 (including) 1.6.2.0 (including)
Asterisk Digium 1.6.2.0-rc2 (including) 1.6.2.0-rc2 (including)
Asterisk Digium 1.6.2.0-rc3 (including) 1.6.2.0-rc3 (including)
Asterisk Digium 1.6.2.0-rc4 (including) 1.6.2.0-rc4 (including)
Asterisk Digium 1.6.2.0-rc5 (including) 1.6.2.0-rc5 (including)
Asterisk Digium 1.6.2.0-rc6 (including) 1.6.2.0-rc6 (including)
Asterisk Digium 1.6.2.0-rc7 (including) 1.6.2.0-rc7 (including)
Asterisk Digium 1.6.2.0-rc8 (including) 1.6.2.0-rc8 (including)
Asterisk Digium 1.6.2.1 (including) 1.6.2.1 (including)
Asterisk Digium 1.6.2.1-rc1 (including) 1.6.2.1-rc1 (including)
Asterisk Digium 1.6.2.2 (including) 1.6.2.2 (including)
Asterisk Digium 1.6.2.3-rc2 (including) 1.6.2.3-rc2 (including)
Asterisk Digium 1.6.2.4 (including) 1.6.2.4 (including)
Asterisk Digium 1.6.2.5 (including) 1.6.2.5 (including)
Asterisk Digium 1.6.2.6 (including) 1.6.2.6 (including)
Asterisk Digium 1.6.2.6-rc1 (including) 1.6.2.6-rc1 (including)
Asterisk Digium 1.6.2.6-rc2 (including) 1.6.2.6-rc2 (including)
Asterisk Digium 1.6.2.15-rc1 (including) 1.6.2.15-rc1 (including)
Asterisk Digium 1.6.2.16 (including) 1.6.2.16 (including)
Asterisk Digium 1.6.2.16-rc1 (including) 1.6.2.16-rc1 (including)
Asterisk Digium 1.6.2.16.1 (including) 1.6.2.16.1 (including)
Asterisk Digium 1.6.2.16.2 (including) 1.6.2.16.2 (including)
Asterisk Digium 1.6.2.17 (including) 1.6.2.17 (including)
Asterisk Digium 1.6.2.17-rc1 (including) 1.6.2.17-rc1 (including)
Asterisk Digium 1.6.2.17-rc2 (including) 1.6.2.17-rc2 (including)
Asterisk Digium 1.6.2.17-rc3 (including) 1.6.2.17-rc3 (including)
Asterisk Digium 1.6.2.17.1 (including) 1.6.2.17.1 (including)
Asterisk Digium 1.6.2.17.2 (including) 1.6.2.17.2 (including)
Asterisk Digium 1.6.2.17.3 (including) 1.6.2.17.3 (including)
Asterisk Digium 1.6.2.18 (including) 1.6.2.18 (including)
Asterisk Digium 1.6.2.18-rc1 (including) 1.6.2.18-rc1 (including)
Asterisk Digium 1.6.2.18.1 (including) 1.6.2.18.1 (including)
Asterisk Digium 1.6.2.18.2 (including) 1.6.2.18.2 (including)
Asterisk Ubuntu hardy *
Asterisk Ubuntu lucid *
Asterisk Ubuntu maverick *
Asterisk Ubuntu natty *

References