CVE-2011-4597

The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
digiumasterisk
1.8.0
digiumasterisk
1.8.0:beta1
digiumasterisk
1.8.0:beta2
digiumasterisk
1.8.0:beta3
digiumasterisk
1.8.0:beta4
digiumasterisk
1.8.0:beta5
digiumasterisk
1.8.0:rc2
digiumasterisk
1.8.0:rc3
digiumasterisk
1.8.0:rc4
digiumasterisk
1.8.0:rc5
digiumasterisk
1.8.1
digiumasterisk
1.8.1:rc1
digiumasterisk
1.8.1.1
digiumasterisk
1.8.1.2
digiumasterisk
1.8.2
digiumasterisk
1.8.2.1
digiumasterisk
1.8.2.2
digiumasterisk
1.8.2.3
digiumasterisk
1.8.2.4
digiumasterisk
1.8.3
digiumasterisk
1.8.3:rc1
digiumasterisk
1.8.3:rc2
digiumasterisk
1.8.3:rc3
digiumasterisk
1.8.3.1
digiumasterisk
1.8.3.2
digiumasterisk
1.8.3.3
digiumasterisk
1.8.4
digiumasterisk
1.8.4:rc1
digiumasterisk
1.8.4:rc2
digiumasterisk
1.8.4:rc3
digiumasterisk
1.8.4.1
digiumasterisk
1.8.4.2
digiumasterisk
1.8.4.3
digiumasterisk
1.8.4.4
digiumasterisk
1.8.5
digiumasterisk
1.8.5:rc1
digiumasterisk
1.8.5.0
digiumasterisk
1.8.6.0
digiumasterisk
1.8.6.0:rc1
digiumasterisk
1.8.6.0:rc2
digiumasterisk
1.8.6.0:rc3
digiumasterisk
1.8.7.0
digiumasterisk
1.8.7.0:rc1
digiumasterisk
1.8.7.0:rc2
digiumasterisk
1.8.7.1
digiumasterisk
1.6.2.0
digiumasterisk
1.6.2.0:rc2
digiumasterisk
1.6.2.0:rc3
digiumasterisk
1.6.2.0:rc4
digiumasterisk
1.6.2.0:rc5
digiumasterisk
1.6.2.0:rc6
digiumasterisk
1.6.2.0:rc7
digiumasterisk
1.6.2.0:rc8
digiumasterisk
1.6.2.1
digiumasterisk
1.6.2.1:rc1
digiumasterisk
1.6.2.2
digiumasterisk
1.6.2.3:rc2
digiumasterisk
1.6.2.4
digiumasterisk
1.6.2.5
digiumasterisk
1.6.2.6
digiumasterisk
1.6.2.6:rc1
digiumasterisk
1.6.2.6:rc2
digiumasterisk
1.6.2.15:rc1
digiumasterisk
1.6.2.16
digiumasterisk
1.6.2.16:rc1
digiumasterisk
1.6.2.16.1
digiumasterisk
1.6.2.16.2
digiumasterisk
1.6.2.17
digiumasterisk
1.6.2.17:rc1
digiumasterisk
1.6.2.17:rc2
digiumasterisk
1.6.2.17:rc3
digiumasterisk
1.6.2.17.1
digiumasterisk
1.6.2.17.2
digiumasterisk
1.6.2.17.3
digiumasterisk
1.6.2.18
digiumasterisk
1.6.2.18:rc1
digiumasterisk
1.6.2.19
digiumasterisk
1.6.2.19:rc1
digiumasterisk
1.6.2.20
digiumasterisk
1.6.2.21
digiumasterisk
1.4.0
digiumasterisk
1.4.0:beta1
digiumasterisk
1.4.0:beta2
digiumasterisk
1.4.0:beta3
digiumasterisk
1.4.0:beta4
digiumasterisk
1.4.1
digiumasterisk
1.4.2
digiumasterisk
1.4.3
digiumasterisk
1.4.4
digiumasterisk
1.4.5
digiumasterisk
1.4.6
digiumasterisk
1.4.7
digiumasterisk
1.4.7.1
digiumasterisk
1.4.8
digiumasterisk
1.4.9
digiumasterisk
1.4.10
digiumasterisk
1.4.10.1
digiumasterisk
1.4.11
digiumasterisk
1.4.12
digiumasterisk
1.4.12.1
digiumasterisk
1.4.13
digiumasterisk
1.4.14
digiumasterisk
1.4.15
digiumasterisk
1.4.16
digiumasterisk
1.4.16.1
digiumasterisk
1.4.16.2
digiumasterisk
1.4.17
digiumasterisk
1.4.18
digiumasterisk
1.4.19
digiumasterisk
1.4.19:rc1
digiumasterisk
1.4.19:rc2
digiumasterisk
1.4.19:rc3
digiumasterisk
1.4.19:rc4
digiumasterisk
1.4.19.1
digiumasterisk
1.4.19.2
digiumasterisk
1.4.20
digiumasterisk
1.4.20:rc1
digiumasterisk
1.4.20:rc2
digiumasterisk
1.4.20:rc3
digiumasterisk
1.4.20.1
digiumasterisk
1.4.21
digiumasterisk
1.4.21:rc1
digiumasterisk
1.4.21:rc2
digiumasterisk
1.4.21.1
digiumasterisk
1.4.21.2
digiumasterisk
1.4.22
digiumasterisk
1.4.22:rc1
digiumasterisk
1.4.22:rc2
digiumasterisk
1.4.22:rc3
digiumasterisk
1.4.22:rc4
digiumasterisk
1.4.22:rc5
digiumasterisk
1.4.22.1
digiumasterisk
1.4.22.2
digiumasterisk
1.4.23
digiumasterisk
1.4.23:rc1
digiumasterisk
1.4.23:rc2
digiumasterisk
1.4.23:rc3
digiumasterisk
1.4.23:rc4
digiumasterisk
1.4.23.1
digiumasterisk
1.4.23.2
digiumasterisk
1.4.24
digiumasterisk
1.4.24:rc1
digiumasterisk
1.4.24.1
digiumasterisk
1.4.25
digiumasterisk
1.4.25:rc1
digiumasterisk
1.4.25.1
digiumasterisk
1.4.26
digiumasterisk
1.4.26:rc1
digiumasterisk
1.4.26:rc2
digiumasterisk
1.4.26:rc3
digiumasterisk
1.4.26:rc4
digiumasterisk
1.4.26:rc5
digiumasterisk
1.4.26:rc6
digiumasterisk
1.4.26.1
digiumasterisk
1.4.26.2
digiumasterisk
1.4.26.3
digiumasterisk
1.4.27
digiumasterisk
1.4.27:rc1
digiumasterisk
1.4.27:rc2
digiumasterisk
1.4.27:rc3
digiumasterisk
1.4.27:rc4
digiumasterisk
1.4.27:rc5
digiumasterisk
1.4.27.1
digiumasterisk
1.4.28
digiumasterisk
1.4.28:rc1
digiumasterisk
1.4.29
digiumasterisk
1.4.29:rc1
digiumasterisk
1.4.29.1
digiumasterisk
1.4.30
digiumasterisk
1.4.30:rc2
digiumasterisk
1.4.30:rc3
digiumasterisk
1.4.31
digiumasterisk
1.4.31:rc1
digiumasterisk
1.4.31:rc2
digiumasterisk
1.4.32
digiumasterisk
1.4.32:rc1
digiumasterisk
1.4.33
digiumasterisk
1.4.33:rc1
digiumasterisk
1.4.33:rc2
digiumasterisk
1.4.33.1
digiumasterisk
1.4.34
digiumasterisk
1.4.34:rc1
digiumasterisk
1.4.34:rc2
digiumasterisk
1.4.35
digiumasterisk
1.4.35:rc1
digiumasterisk
1.4.36
digiumasterisk
1.4.36:rc1
digiumasterisk
1.4.37
digiumasterisk
1.4.37:rc1
digiumasterisk
1.4.38
digiumasterisk
1.4.38:rc1
digiumasterisk
1.4.39
digiumasterisk
1.4.39:rc1
digiumasterisk
1.4.39.1
digiumasterisk
1.4.39.2
digiumasterisk
1.4.40
digiumasterisk
1.4.40:rc1
digiumasterisk
1.4.40:rc2
digiumasterisk
1.4.40:rc3
digiumasterisk
1.4.40.1
digiumasterisk
1.4.40.2
digiumasterisk
1.4.41
digiumasterisk
1.4.41:rc1
digiumasterisk
1.4.41.1
digiumasterisk
1.4.41.2
digiumasterisk
1.4.42
digiumasterisk
1.4.42:rc1
digiumasterisk
1.4.42:rc2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
http://openwall.com/lists/oss-security/2011/12/09/3
http://openwall.com/lists/oss-security/2011/12/09/4
http://osvdb.org/77597
http://secunia.com/advisories/47273
http://www.debian.org/security/2011/dsa-2367
http://archives.neohapsis.com/archives/bugtraq/2011-12/0151.html
http://downloads.asterisk.org/pub/security/AST-2011-013.html
http://lists.digium.com/pipermail/asterisk-dev/2011-November/052191.html
http://openwall.com/lists/oss-security/2011/12/09/3
http://openwall.com/lists/oss-security/2011/12/09/4
http://osvdb.org/77597
http://secunia.com/advisories/47273
http://www.debian.org/security/2011/dsa-2367