*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: asterisk
Got this from SUSE-SR:2008:005. Quoting CVE-2007-6430:
"Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and
Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when
using database-based registrations ("realtime") and host-based
authentication, does not check the IP address when the username is
correct and there is no password, which allows remote attackers to
bypass authentication using a valid username."
** Affects: asterisk (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2007-6430
--
[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication
by using a valid user name
https://bugs.launchpad.net/bugs/199118
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
