CVE-2007-6430

Publication date 20 December 2007

Last updated 24 July 2024


Ubuntu priority

Description

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.


Status

Package    Ubuntu Release    Status
asterisk   9.10 karmic       Fixed 1:1.4.16.2~dfsg-1
asterisk   9.04 jaunty       Fixed 1:1.4.16.2~dfsg-1
asterisk   8.10 intrepid     Fixed 1:1.4.16.2~dfsg-1
asterisk   8.04 LTS hardy    Fixed 1:1.4.16.2~dfsg-1
asterisk   7.10 gutsy        Ignored (end of life, was needed)
asterisk   7.04 feisty       Ignored (end of life, was needed)
asterisk   6.10 edgy         Ignored (end of life, was needed)
asterisk   6.06 LTS dapper   Ignored (end of life)

Notes


mdeslaur

This patch may introduce CVE-2008-5558

