CVE-2009-3727

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
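| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| redhat | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |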
EPSS Score percentile: 71%
Vulnerable software versions

| Vendor | Product | Version |
|---|---|---|
| digium | asterisk | 1.2.0, 1.2.0:beta1, 1.2.0:beta2, 1.2.0:rc1, 1.2.0:rc2, 1.2.1, 1.2.2, 1.2.2:netsec, 1.2.3, 1.2.3:netsec, 1.2.10, 1.2.10:netsec, 1.2.11, 1.2.11:netsec, 1.2.12, 1.2.12:netsec, 1.2.12.1, 1.2.12.1:netsec, 1.2.13, 1.2.13:netsec, 1.2.14, 1.2.15, 1.2.15:netsec, 1.2.16, 1.2.16:netsec, 1.2.17, 1.2.17:netsec, 1.2.18, 1.2.18:netsec, 1.2.19, 1.2.19:netsec, 1.2.20, 1.2.20:netsec, 1.2.21, 1.2.21:netsec, 1.2.21.1, 1.2.21.1:netsec, 1.2.22, 1.2.22:netsec, 1.2.23, 1.2.23:netsec, 1.2.24, 1.2.24:netsec, 1.2.25, 1.2.25:netsec, 1.2.26, 1.2.26:netsec, 1.2.26.1, 1.2.26.1:netsec, 1.2.26.2, 1.2.26.2:netsec, 1.2.27, 1.2.28, 1.2.28.1, 1.2.29, 1.2.30, 1.2.30.1, 1.2.30.2, 1.2.30.3, 1.2.30.4, 1.2.31, 1.2.31.1, 1.2.32, 1.2.33, 1.2.34 |
| digium | asterisk | 1.4.0, 1.4.0:beta1, 1.4.0:beta2, 1.4.0:beta3, 1.4.0:beta4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.7.1, 1.4.8, 1.4.9, 1.4.10, 1.4.10.1, 1.4.11, 1.4.12, 1.4.12.1, 1.4.13, 1.4.14, 1.4.15, 1.4.16, 1.4.16.1, 1.4.16.2, 1.4.17, 1.4.18, 1.4.19, 1.4.19:rc1, 1.4.19:rc2, 1.4.19:rc3, 1.4.19:rc4, 1.4.19.1, 1.4.19.2, 1.4.20, 1.4.20:rc1, 1.4.20:rc2, 1.4.20:rc3, 1.4.20.1, 1.4.21, 1.4.21:rc1, 1.4.21:rc2, 1.4.21.1, 1.4.21.2, 1.4.22, 1.4.22:rc1, 1.4.22:rc2, 1.4.22:rc3, 1.4.22:rc4, 1.4.22:rc5, 1.4.22.1, 1.4.22.2, 1.4.23, 1.4.23:rc1, 1.4.23:rc2, 1.4.23:rc3, 1.4.23:rc4, 1.4.23.1, 1.4.23.2, 1.4.24, 1.4.24:rc1, 1.4.24.1, 1.4.25, 1.4.25:rc1, 1.4.25.1, 1.4.26, 1.4.26:rc1, 1.4.26:rc2, 1.4.26:rc3, 1.4.26:rc4, 1.4.26:rc5, 1.4.26:rc6, 1.4.26.1, 1.4.26.2 |
| digium | asterisk | 1.6.0, 1.6.0:beta1, 1.6.0:beta2, 1.6.0:beta3, 1.6.0:beta4, 1.6.0:beta5, 1.6.0:beta6, 1.6.0:beta7, 1.6.0:beta7.1, 1.6.0:beta8, 1.6.0:beta9, 1.6.0:rc4, 1.6.0:rc5, 1.6.0:rc6, 1.6.0.1, 1.6.0.2, 1.6.0.3, 1.6.0.3:rc1, 1.6.0.4:rc1, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.6.0.8, 1.6.0.9, 1.6.0.10, 1.6.0.11, 1.6.0.11:rc1, 1.6.0.11:rc2, 1.6.0.14, 1.6.0.14:rc1, 1.6.0.15, 1.6.0.16, 1.6.0.16:rc1, 1.6.0.16:rc2 |
| digium | asterisk | 1.6.1.0, 1.6.1.0:rc2, 1.6.1.0:rc3, 1.6.1.0:rc4, 1.6.1.0:rc5, 1.6.1.1, 1.6.1.2, 1.6.1.3:rc1, 1.6.1.4, 1.6.1.5, 1.6.1.5:rc1, 1.6.1.6, 1.6.1.7:rc1, 1.6.1.7:rc2, 1.6.1.8, 1.6.1.10:rc1, 1.6.1.10:rc2 |
| digium | asterisknow | 1.5 |
| digium | s800i | 1.3.0, 1.3.0.2, 1.3.0.3, 1.3.0.4 |
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | bullseye | 1:16.28.0~dfsg-0+deb11u4 | fixed |
| asterisk | lenny | | no-dsa |
| asterisk | bullseye (security) | 1:16.28.0~dfsg-0+deb11u5 | fixed |
| asterisk | sid | 1:22.0.0~dfsg+~cs6.14.60671435-1 | fixed |
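Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| asterisk | natty | | not-affected |
| asterisk | maverick | | not-affected |
| asterisk | lucid | | not-affected |
| asterisk | karmic | Fixed 1:1.6.2.0~rc2-0ubuntu1.1 | released |
| asterisk | jaunty | | ignored |
| asterisk | intrepid | | ignored |
| asterisk | hardy | | ignored |
| asterisk | dapper | | ignored |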