Executive Summary

Informations
NameCVE-2009-0041First vendor Publication2009-01-14
VendorCveLast vendor Modification2018-10-11

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041

CWE : Common Weakness Enumeration

%idName
100 %CWE-200Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application28
Application178
Hardware1

OpenVAS Exploits

DateDescription
2009-12-30Name : Debian Security Advisory DSA 1952-1 (asterisk)
File : nvt/deb_1952_1.nasl
2009-12-14Name : Fedora Core 10 FEDORA-2009-12461 (asterisk)
File : nvt/fcore_2009_12461.nasl
2009-12-03Name : Fedora Core 10 FEDORA-2009-11126 (asterisk)
File : nvt/fcore_2009_11126.nasl
2009-09-28Name : Fedora Core 10 FEDORA-2009-9374 (asterisk)
File : nvt/fcore_2009_9374.nasl
2009-05-05Name : Gentoo Security Advisory GLSA 200905-01 (asterisk)
File : nvt/glsa_200905_01.nasl
2009-02-13Name : Fedora Core 9 FEDORA-2009-0973 (asterisk)
File : nvt/fcore_2009_0973.nasl
2009-02-13Name : Fedora Core 10 FEDORA-2009-0984 (asterisk)
File : nvt/fcore_2009_0984.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
51373Asterisk IAX2 User Account Enumeration Weakness

Nessus® Vulnerability Scanner

DateDescription
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1952.nasl - Type : ACT_GATHER_INFO
2009-05-04Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200905-01.nasl - Type : ACT_GATHER_INFO
2009-04-23Name : The remote Fedora host is missing a security update.
File : fedora_2009-0984.nasl - Type : ACT_GATHER_INFO
2009-02-13Name : The remote Fedora host is missing one or more security updates.
File : fedora_2009-0973.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/33174
BUGTRAQ http://www.securityfocus.com/archive/1/499884/100/0/threaded
CONFIRM http://downloads.digium.com/pub/security/AST-2009-001.html
DEBIAN http://www.debian.org/security/2009/dsa-1952
GENTOO http://security.gentoo.org/glsa/glsa-200905-01.xml
SECTRACK http://www.securitytracker.com/id?1021549
SREASON http://securityreason.com/securityalert/4910
VUPEN http://www.vupen.com/english/advisories/2009/0063

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
DateInformations
2018-10-12 00:20:34
  • Multiple Updates
2016-06-28 17:33:03
  • Multiple Updates
2016-04-27 09:33:58
  • Multiple Updates
2016-04-26 18:32:40
  • Multiple Updates
2014-02-17 10:48:13
  • Multiple Updates
2013-05-10 23:41:32
  • Multiple Updates