Source: asterisk Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for asterisk.
CVE-2009-0041[0]: | IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before | 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, | B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before | C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a | failed login attempt depending on whether the user account exists, | which allows remote attackers to enumerate valid usernames. Patch: http://downloads.digium.com/pub/security/AST-2009-001-1.4.diff If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041 http://security-tracker.debian.net/tracker/CVE-2009-0041 -- Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOhBEVONvCl.pgp
Description: PGP signature
