CVE-2007-6430

2007-12-2000:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.4%

JSON

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and
Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when
using database-based registrations (“realtime”) and host-based
authentication, does not check the IP address when the username is correct
and there is no password, which allows remote attackers to bypass
authentication using a valid username.

Bugs

Notes

Author	Note
mdeslaur	This patch may introduce CVE-2008-5558

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchasterisk< 1:1.4.16.2~dfsg-1UNKNOWN
ubuntu8.10noarchasterisk< 1:1.4.16.2~dfsg-1UNKNOWN
ubuntu9.04noarchasterisk< 1:1.4.16.2~dfsg-1UNKNOWN
ubuntu9.10noarchasterisk< 1:1.4.16.2~dfsg-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	asterisk	< 1:1.4.16.2~dfsg-1	UNKNOWN
ubuntu	8.10	noarch	asterisk	< 1:1.4.16.2~dfsg-1	UNKNOWN
ubuntu	9.04	noarch	asterisk	< 1:1.4.16.2~dfsg-1	UNKNOWN
ubuntu	9.10	noarch	asterisk	< 1:1.4.16.2~dfsg-1	UNKNOWN