CVE-2007-6430
First published: Thu Dec 20 2007(Updated: )
Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asterisk Business Edition | =b.2.2.0 | |
| Asterisk | =1.2.8 | |
| Asterisk | =1.2.14 | |
| Asterisk | =1.2.15 | |
| Asterisk | =1.4.9 | |
| Asterisk | =1.4.10 | |
| Asterisk | =1.4.6 | |
| Asterisk | =1.2.23 | |
| Asterisk | =1.4.15 | |
| Asterisk | =1.4beta | |
| Asterisk Business Edition | =b.2.3.1 | |
| Asterisk | =1.2.24 | |
| Asterisk | =1.4.12 | |
| Asterisk | =1.4.13 | |
| Asterisk | =1.2.25 | |
| Asterisk | =1.2.11 | |
| Asterisk | =1.2.13 | |
| Asterisk Business Edition | =b.2.3.3 | |
| Asterisk | =1.4.2 | |
| Asterisk | =1.4.1 | |
| Asterisk | =1.2.5 | |
| Asterisk | =1.4.11 | |
| Asterisk | =1.2.21 | |
| Asterisk | =1.4.3 | |
| Asterisk Business Edition | =c.1.0beta7 | |
| Asterisk | =1.4.7 | |
| Asterisk Business Edition | =b.1.3.2 | |
| Asterisk | =1.4.4 | |
| Asterisk | =1.2.7 | |
| Asterisk | =1.2.10 | |
| Asterisk | =1.2.17 | |
| Asterisk Business Edition | =b.1.3.3 | |
| Asterisk | =1.4.5 | |
| Asterisk Business Edition | =b.2.3.4 | |
| Asterisk | =1.2.0beta1 | |
| Asterisk | =1.2.22 | |
| Asterisk | =1.4.14 | |
| Asterisk | =1.2.16 | |
| Asterisk | =1.2.9 | |
| Asterisk | =1.2.0beta2 | |
| Asterisk | =1.2.19 | |
| Asterisk Business Edition | =b.2.2.1 | |
| Asterisk Business Edition | =b.2.3.2 | |
| Asterisk | =1.4.8 | |
| Asterisk | =1.2.6 | |
| Asterisk | =1.2.18 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://downloads.digium.com/pub/security/AST-2007-027.html
- http://www.securityfocus.com/bid/26928
- http://www.securitytracker.com/id?1019110
- http://secunia.com/advisories/28149
- http://www.osvdb.org/39519
- http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html
- http://secunia.com/advisories/29242
- http://www.debian.org/security/2008/dsa-1525
- http://secunia.com/advisories/29456
- http://securityreason.com/securityalert/3467
- http://security.gentoo.org/glsa/glsa-200804-13.xml
- http://secunia.com/advisories/29782
- http://www.vupen.com/english/advisories/2007/4260
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39124
- http://www.securityfocus.com/archive/1/485287/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-6430?
CVE-2007-6430 is considered a critical vulnerability due to its potential for unauthorized access to sensitive system functionalities.
How do I fix CVE-2007-6430?
To fix CVE-2007-6430, upgrade Asterisk to version 1.2.26 or 1.4.16 or later.
What are the affected versions of Asterisk in CVE-2007-6430?
Affected versions include Asterisk Open Source 1.2.x before 1.2.26, 1.4.x before 1.4.16, and various Business Edition versions before specified updates.
What type of authentication does CVE-2007-6430 exploit?
CVE-2007-6430 exploits host-based authentication when using database-based registrations.
What can happen if CVE-2007-6430 is exploited?
Exploitation of CVE-2007-6430 could allow an attacker to gain unauthorized access by bypassing IP address checks.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/asterisk
- canonical/asterisk business edition
- version/asterisk business edition/b.2.2.0
- canonical/asterisk
- version/asterisk/1.2.8
- version/asterisk/1.2.14
- version/asterisk/1.2.15
- version/asterisk/1.4.9
- version/asterisk/1.4.10
- version/asterisk/1.4.6
- version/asterisk/1.2.23
- version/asterisk/1.4.15
- version/asterisk/1.4beta
- version/asterisk business edition/b.2.3.1
- version/asterisk/1.2.24
- version/asterisk/1.4.12
- version/asterisk/1.4.13
- version/asterisk/1.2.25
- version/asterisk/1.2.11
- version/asterisk/1.2.13
- version/asterisk business edition/b.2.3.3
- version/asterisk/1.4.2
- version/asterisk/1.4.1
- version/asterisk/1.2.5
- version/asterisk/1.4.11
- version/asterisk/1.2.21
- version/asterisk/1.4.3
- version/asterisk business edition/c.1.0beta7
- version/asterisk/1.4.7
- version/asterisk business edition/b.1.3.2
- version/asterisk/1.4.4
- version/asterisk/1.2.7
- version/asterisk/1.2.10
- version/asterisk/1.2.17
- version/asterisk business edition/b.1.3.3
- version/asterisk/1.4.5
- version/asterisk business edition/b.2.3.4
- version/asterisk/1.2.0beta1
- version/asterisk/1.2.22
- version/asterisk/1.4.14
- version/asterisk/1.2.16
- version/asterisk/1.2.9
- version/asterisk/1.2.0beta2
- version/asterisk/1.2.19
- version/asterisk business edition/b.2.2.1
- version/asterisk business edition/b.2.3.2
- version/asterisk/1.4.8
- version/asterisk/1.2.6
- version/asterisk/1.2.18