CVE-2011-2536
06.07.2011, 19:55
chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.Enginsight
| Vendor | Product | Version |
|---|---|---|
| digium | asterisk | 1.8.0 |
| digium | asterisk | 1.8.0:beta1 |
| digium | asterisk | 1.8.0:beta2 |
| digium | asterisk | 1.8.0:beta3 |
| digium | asterisk | 1.8.0:beta4 |
| digium | asterisk | 1.8.0:beta5 |
| digium | asterisk | 1.8.0:rc2 |
| digium | asterisk | 1.8.0:rc3 |
| digium | asterisk | 1.8.0:rc4 |
| digium | asterisk | 1.8.0:rc5 |
| digium | asterisk | 1.8.1 |
| digium | asterisk | 1.8.1:rc1 |
| digium | asterisk | 1.8.1.1 |
| digium | asterisk | 1.8.1.2 |
| digium | asterisk | 1.8.2 |
| digium | asterisk | 1.8.2.1 |
| digium | asterisk | 1.8.2.2 |
| digium | asterisk | 1.8.2.3 |
| digium | asterisk | 1.8.2.4 |
| digium | asterisk | 1.8.3 |
| digium | asterisk | 1.8.3:rc1 |
| digium | asterisk | 1.8.3:rc2 |
| digium | asterisk | 1.8.3:rc3 |
| digium | asterisk | 1.8.3.1 |
| digium | asterisk | 1.8.3.2 |
| digium | asterisk | 1.8.3.3 |
| digium | asterisk | 1.8.4 |
| digium | asterisk | 1.8.4:rc1 |
| digium | asterisk | 1.8.4:rc2 |
| digium | asterisk | 1.8.4:rc3 |
| digium | asterisk | 1.8.4.1 |
| digium | asterisk | 1.8.4.2 |
| digium | asterisk | 1.8.4.3 |
| digium | asterisk | 1.6.2.0 |
| digium | asterisk | 1.6.2.0:rc2 |
| digium | asterisk | 1.6.2.0:rc3 |
| digium | asterisk | 1.6.2.0:rc4 |
| digium | asterisk | 1.6.2.0:rc5 |
| digium | asterisk | 1.6.2.0:rc6 |
| digium | asterisk | 1.6.2.0:rc7 |
| digium | asterisk | 1.6.2.0:rc8 |
| digium | asterisk | 1.6.2.1 |
| digium | asterisk | 1.6.2.1:rc1 |
| digium | asterisk | 1.6.2.2 |
| digium | asterisk | 1.6.2.3:rc2 |
| digium | asterisk | 1.6.2.4 |
| digium | asterisk | 1.6.2.5 |
| digium | asterisk | 1.6.2.6 |
| digium | asterisk | 1.6.2.6:rc1 |
| digium | asterisk | 1.6.2.6:rc2 |
| digium | asterisk | 1.6.2.15:rc1 |
| digium | asterisk | 1.6.2.16 |
| digium | asterisk | 1.6.2.16:rc1 |
| digium | asterisk | 1.6.2.16.1 |
| digium | asterisk | 1.6.2.16.2 |
| digium | asterisk | 1.6.2.17 |
| digium | asterisk | 1.6.2.17:rc1 |
| digium | asterisk | 1.6.2.17:rc2 |
| digium | asterisk | 1.6.2.17:rc3 |
| digium | asterisk | 1.6.2.17.1 |
| digium | asterisk | 1.6.2.17.2 |
| digium | asterisk | 1.6.2.17.3 |
| digium | asterisk | 1.6.2.18 |
| digium | asterisk | 1.6.2.18:rc1 |
| digium | asterisk | 1.6.2.18.1 |
| digium | asterisk | 1.4.0 |
| digium | asterisk | 1.4.0:beta1 |
| digium | asterisk | 1.4.0:beta2 |
| digium | asterisk | 1.4.0:beta3 |
| digium | asterisk | 1.4.0:beta4 |
| digium | asterisk | 1.4.1 |
| digium | asterisk | 1.4.2 |
| digium | asterisk | 1.4.3 |
| digium | asterisk | 1.4.4 |
| digium | asterisk | 1.4.5 |
| digium | asterisk | 1.4.6 |
| digium | asterisk | 1.4.7 |
| digium | asterisk | 1.4.7.1 |
| digium | asterisk | 1.4.8 |
| digium | asterisk | 1.4.9 |
| digium | asterisk | 1.4.10 |
| digium | asterisk | 1.4.10.1 |
| digium | asterisk | 1.4.11 |
| digium | asterisk | 1.4.12 |
| digium | asterisk | 1.4.12.1 |
| digium | asterisk | 1.4.13 |
| digium | asterisk | 1.4.14 |
| digium | asterisk | 1.4.15 |
| digium | asterisk | 1.4.16 |
| digium | asterisk | 1.4.16.1 |
| digium | asterisk | 1.4.16.2 |
| digium | asterisk | 1.4.17 |
| digium | asterisk | 1.4.18 |
| digium | asterisk | 1.4.19 |
| digium | asterisk | 1.4.19:rc1 |
| digium | asterisk | 1.4.19:rc2 |
| digium | asterisk | 1.4.19:rc3 |
| digium | asterisk | 1.4.19:rc4 |
| digium | asterisk | 1.4.19.1 |
| digium | asterisk | 1.4.19.2 |
| digium | asterisk | 1.4.20 |
| digium | asterisk | 1.4.20:rc1 |
| digium | asterisk | 1.4.20:rc2 |
| digium | asterisk | 1.4.20:rc3 |
| digium | asterisk | 1.4.20.1 |
| digium | asterisk | 1.4.21 |
| digium | asterisk | 1.4.21:rc1 |
| digium | asterisk | 1.4.21:rc2 |
| digium | asterisk | 1.4.21.1 |
| digium | asterisk | 1.4.21.2 |
| digium | asterisk | 1.4.22 |
| digium | asterisk | 1.4.22:rc1 |
| digium | asterisk | 1.4.22:rc2 |
| digium | asterisk | 1.4.22:rc3 |
| digium | asterisk | 1.4.22:rc4 |
| digium | asterisk | 1.4.22:rc5 |
| digium | asterisk | 1.4.22.1 |
| digium | asterisk | 1.4.22.2 |
| digium | asterisk | 1.4.23 |
| digium | asterisk | 1.4.23:rc1 |
| digium | asterisk | 1.4.23:rc2 |
| digium | asterisk | 1.4.23:rc3 |
| digium | asterisk | 1.4.23:rc4 |
| digium | asterisk | 1.4.23.1 |
| digium | asterisk | 1.4.23.2 |
| digium | asterisk | 1.4.24 |
| digium | asterisk | 1.4.24:rc1 |
| digium | asterisk | 1.4.24.1 |
| digium | asterisk | 1.4.25 |
| digium | asterisk | 1.4.25:rc1 |
| digium | asterisk | 1.4.25.1 |
| digium | asterisk | 1.4.26 |
| digium | asterisk | 1.4.26:rc1 |
| digium | asterisk | 1.4.26:rc2 |
| digium | asterisk | 1.4.26:rc3 |
| digium | asterisk | 1.4.26:rc4 |
| digium | asterisk | 1.4.26:rc5 |
| digium | asterisk | 1.4.26:rc6 |
| digium | asterisk | 1.4.26.1 |
| digium | asterisk | 1.4.26.2 |
| digium | asterisk | 1.4.26.3 |
| digium | asterisk | 1.4.27 |
| digium | asterisk | 1.4.27:rc1 |
| digium | asterisk | 1.4.27:rc2 |
| digium | asterisk | 1.4.27:rc3 |
| digium | asterisk | 1.4.27:rc4 |
| digium | asterisk | 1.4.27:rc5 |
| digium | asterisk | 1.4.27.1 |
| digium | asterisk | 1.4.28 |
| digium | asterisk | 1.4.28:rc1 |
| digium | asterisk | 1.4.29 |
| digium | asterisk | 1.4.29:rc1 |
| digium | asterisk | 1.4.29.1 |
| digium | asterisk | 1.4.30 |
| digium | asterisk | 1.4.30:rc2 |
| digium | asterisk | 1.4.30:rc3 |
| digium | asterisk | 1.4.31 |
| digium | asterisk | 1.4.31:rc1 |
| digium | asterisk | 1.4.31:rc2 |
| digium | asterisk | 1.4.32 |
| digium | asterisk | 1.4.32:rc1 |
| digium | asterisk | 1.4.33 |
| digium | asterisk | 1.4.33:rc1 |
| digium | asterisk | 1.4.33:rc2 |
| digium | asterisk | 1.4.33.1 |
| digium | asterisk | 1.4.34 |
| digium | asterisk | 1.4.34:rc1 |
| digium | asterisk | 1.4.34:rc2 |
| digium | asterisk | 1.4.35 |
| digium | asterisk | 1.4.35:rc1 |
| digium | asterisk | 1.4.36 |
| digium | asterisk | 1.4.36:rc1 |
| digium | asterisk | 1.4.37 |
| digium | asterisk | 1.4.37:rc1 |
| digium | asterisk | 1.4.38 |
| digium | asterisk | 1.4.38:rc1 |
| digium | asterisk | 1.4.39 |
| digium | asterisk | 1.4.39:rc1 |
| digium | asterisk | 1.4.39.1 |
| digium | asterisk | 1.4.39.2 |
| digium | asterisk | 1.4.40 |
| digium | asterisk | 1.4.40:rc1 |
| digium | asterisk | 1.4.40:rc2 |
| digium | asterisk | 1.4.40:rc3 |
| digium | asterisk | 1.4.40.1 |
| digium | asterisk | 1.4.40.2 |
| digium | asterisk | 1.4.41 |
| digium | asterisk | 1.4.41:rc1 |
| digium | asterisk | 1.4.41.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References