IAX2 Information Leak in Asterisk Open Source and Business Edition
CVE-2009-0041

Currently unrated

Key Information:

Vendor

Asterisk

Status
Asterisk Business Edition
Open Source
S800i Appliance
Vendor
CVE Published:
14 January 2009

What is CVE-2009-0041?

The IAX2 protocol implementation in Asterisk Open Source and Business Edition has a flaw wherein it reacts differently to failed login attempts based on the existence of user accounts. This inconsistency may be exploited by remote attackers to enumerate valid usernames, posing a significant information leakage risk to users of affected versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://security.gentoo.org/glsa/glsa-200905-01.xml
vendor-advisoryx_refsource_GENTOO
http://www.securityfocus.com/archive/1/499884/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/33453
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.