Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security VulnWatch
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[VulnWatch] AST-2007-027 - Database matching order permits host-based au

from [Security Officer] Network Security [Permanent Link]
Subject: [VulnWatch] AST-2007-027 - Database matching order permits host-based authentication to be ignored
Date: Tue, 18 Dec 2007 14:03:51 -0600 
               Asterisk Project Security Advisory - AST-2007-027

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Database matching order permits host-based        |
   |                    | authentication to be ignored                      |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Logic error                                       |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote Unauthenticated Sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |    Reported On     | October 30, 2007                                  |
   |--------------------+---------------------------------------------------|
   |    Reported By     | Tilghman Lesher <tlesher AT digium DOT com>       |
   |--------------------+---------------------------------------------------|
   |     Posted On      | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|
   |  Last Updated On   | December 18, 2007                                 |
   |--------------------+---------------------------------------------------|
   |  Advisory Contact  | Tilghman Lesher <tlesher AT digium DOT com>       |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2007-6430                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Due to the way database-based registrations ("realtime") |
   |             | are processed, IP addresses are not checked when the     |
   |             | username is correct and there is no password. An         |
   |             | attacker may impersonate any user using host-based       |
   |             | authentication without a secret, simply by guessing the  |
   |             | username of that user. This is limited in scope to       |
   |             | administrators who have set up the registration database |
   |             | ("realtime") for authentication and are using only       |
   |             | host-based authentication, not passwords. However, both  |
   |             | the SIP and IAX protocols are affected.                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | As a workaround, administrators may set a password for    |
   |            | all users and peers in their registration "realtime"      |
   |            | database. A fix is included in the newest release of      |
   |            | Asterisk, as provided below.                              |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |          Product           |   Release   |                             |
   |                            |   Series    |                             |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.0.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.2.x    | All versions prior to       |
   |                            |             | 1.2.26                      |
   |----------------------------+-------------+-----------------------------|
   |    Asterisk Open Source    |    1.4.x    | All versions prior to       |
   |                            |             | 1.4.16                      |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    A.x.x    | Not affected                |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    B.x.x    | All versions prior to       |
   |                            |             | B.2.3.6                     |
   |----------------------------+-------------+-----------------------------|
   | Asterisk Business Edition  |    C.x.x    | All versions prior to       |
   |                            |             | C.1.0-beta8                 |
   |----------------------------+-------------+-----------------------------|
   |        AsteriskNOW         | pre-release | Not affected                |
   |----------------------------+-------------+-----------------------------|
   |     Asterisk Appliance     |    0.x.x    | Not affected                |
   |       Developer Kit        |             |                             |
   |----------------------------+-------------+-----------------------------|
   | s800i (Asterisk Appliance) |    1.0.x    | Not affected                |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                  Product                  |          Release           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |           1.2.26           |
   |-------------------------------------------+----------------------------|
   |           Asterisk Open Source            |           1.4.16           |
   |-------------------------------------------+----------------------------|
   |         Asterisk Business Edition         |          B.2.3.6           |
   |-------------------------------------------+----------------------------|
   |         Asterisk Business Edition         |        C.1.0-beta8         |
   |-------------------------------------------+----------------------------|
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |        Links        |                                                  |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2007-027.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2007-027.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |         Editor         |       Revisions Made        |
   |-----------------+------------------------+-----------------------------|
   | 2007-12-18      | Tilghman Lesher        | Initial Release             |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2007-027
              Copyright (c) 2007 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [VulnWatch] AST-2007-027 - Database matching order permits host-based authentication to be ignored, Security Officer <=
Previous by Date:  rPSA-2007-0269-1 kernel, rPath Update Announcements
Next by Date:  TK53 Advisory #2: Multiple vulnerabilities in ClamAV, Lolek of TK53
Previous by Thread:  rPSA-2007-0269-1 kernel, rPath Update Announcements
Next by Thread:  TK53 Advisory #2: Multiple vulnerabilities in ClamAV, Lolek of TK53
Indexes:  [Date] [Thread] [Top] [All Lists]