CVE-2007-6430

Description

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Affected products

• asterisk / asterisk_business_editionb.1.3.2 – b.1.3.2
• asterisk / asterisk_business_editionb.1.3.3 – b.1.3.3
• asterisk / asterisk_business_editionb.2.2.0 – b.2.2.0
• asterisk / asterisk_business_editionb.2.2.1 – b.2.2.1
• asterisk / asterisk_business_editionb.2.3.1 – b.2.3.1
• asterisk / asterisk_business_editionb.2.3.2 – b.2.3.2
• asterisk / asterisk_business_editionb.2.3.3 – b.2.3.3
• asterisk / asterisk_business_editionb.2.3.4 – b.2.3.4
• asterisk / asterisk_business_editionc.1.0beta7 – c.1.0beta7
• asterisk / open_source1.2.0beta1 – 1.2.0beta1
• asterisk / open_source1.2.0beta2 – 1.2.0beta2
• asterisk / open_source1.2.5 – 1.2.5
• asterisk / open_source1.2.6 – 1.2.6
• asterisk / open_source1.2.7 – 1.2.7
• asterisk / open_source1.2.8 – 1.2.8
• asterisk / open_source1.2.9 – 1.2.9
• asterisk / open_source1.2.10 – 1.2.10
• asterisk / open_source1.2.11 – 1.2.11
• asterisk / open_source1.2.13 – 1.2.13
• asterisk / open_source1.2.14 – 1.2.14
• asterisk / open_source1.2.15 – 1.2.15
• asterisk / open_source1.2.16 – 1.2.16
• asterisk / open_source1.2.17 – 1.2.17
• asterisk / open_source1.2.18 – 1.2.18
• asterisk / open_source1.2.19 – 1.2.19
• asterisk / open_source1.2.21 – 1.2.21
• asterisk / open_source1.2.22 – 1.2.22
• asterisk / open_source1.2.23 – 1.2.23
• asterisk / open_source1.2.24 – 1.2.24
• asterisk / open_source1.2.25 – 1.2.25
• asterisk / open_source1.4.1 – 1.4.1
• asterisk / open_source1.4.2 – 1.4.2
• asterisk / open_source1.4.3 – 1.4.3
• asterisk / open_source1.4.4 – 1.4.4
• asterisk / open_source1.4.5 – 1.4.5
• asterisk / open_source1.4.6 – 1.4.6
• asterisk / open_source1.4.7 – 1.4.7
• asterisk / open_source1.4.8 – 1.4.8
• asterisk / open_source1.4.9 – 1.4.9
• asterisk / open_source1.4.10 – 1.4.10
• asterisk / open_source1.4.11 – 1.4.11
• asterisk / open_source1.4.12 – 1.4.12
• asterisk / open_source1.4.13 – 1.4.13
• asterisk / open_source1.4.14 – 1.4.14
• asterisk / open_source1.4.15 – 1.4.15
• asterisk / open_source1.4beta – 1.4beta

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/28149
• VENDOR_ADVISORYhttp://secunia.com/advisories/29782
• MISChttp://security.gentoo.org/glsa/glsa-200804-13.xml
• VENDOR_ADVISORYhttp://secunia.com/advisories/29242
• MISChttp://www.securityfocus.com/archive/1/485287/100/0/threaded
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/4260
• VENDOR_ADVISORYhttp://www.debian.org/security/2008/dsa-1525
• MISChttp://securityreason.com/securityalert/3467
• MISChttp://www.osvdb.org/39519
• MISChttp://www.securitytracker.com/id?1019110
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/39124
• VENDOR_ADVISORYhttp://secunia.com/advisories/29456
• MISChttp://www.securityfocus.com/bid/26928
• MISChttp://downloads.digium.com/pub/security/AST-2007-027.html