CVE-2009-0041

CVSS V2 Medium 5 CVSS V3 None

Description

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Overview

CVE ID
CVE-2009-0041

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2009-01-14T23:30:00

Last Modified Date
2018-10-11T20:59:44

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
cpe:2.3:a:asterisk:asterisk_business_edition::::::::	1	OR	b.2.5.2
cpe:2.3:a:asterisk:asterisk_business_edition::beta8::::::*	1	OR	c.1.0
cpe:2.3:a:asterisk:asterisk_business_edition:a:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.2:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.1.3.3:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.0:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.2.1:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.1:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.2:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.3:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.4:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.5:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.3.6:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.0:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.1:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:b.2.5.3:::::::*	1	OR
cpe:2.3:a:asterisk:asterisk_business_edition:c.1.0:beta7::::::	1	OR
cpe:2.3:a:asterisk:open_source::::::::	1	OR	1.2.30.4
cpe:2.3:a:asterisk:open_source::rc3::::::*	1	OR	1.4.23
cpe:2.3:a:asterisk:open_source::rc1::::::*	1	OR	1.6.0.3
cpe:2.3:a:asterisk:open_source:1.2.0:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0:beta1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0:beta2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0:rc1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0:rc2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0beta1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.0beta2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.2:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.3:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.3:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.10:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.10:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.11:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.11:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.12:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.12:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.12.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.12.1:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.13:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.13:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.14:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.14:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.15:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.15:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.16:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.16:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.17:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.17:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.18:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.18:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.19:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.19:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.20:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.20:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.21:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.21:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.21.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.21.1:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.22:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.22:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.23:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.23:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.24:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.24:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.25:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.25:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26.1:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.26.2:netsec::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.2.27:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.28:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.29:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.30:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.30.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.2.30.3:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.0:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta3::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.0:beta4::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.3:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.4:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.5:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.6:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.7:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.7.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.8:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.9:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.10:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.10.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.11:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.12:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.12.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.13:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.14:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.15:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.16:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.16.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.16.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.17:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.18:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.18.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc3::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19:rc4::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.19.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.20:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.20:rc3::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.21:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.21:rc1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.21:rc2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.21.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.21.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.22:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.22:rc3::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.22:rc4::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.22.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.22.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.23:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4.23:rc1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4.23:rc2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.4_revision_95946:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.4beta:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta2::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta3::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta4::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta5::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta7::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta7.1::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta8::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:beta9::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc4::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc5::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0:rc6::::::	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0.1:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0.2:::::::*	1	OR
cpe:2.3:a:asterisk:open_source:1.6.0.3:::::::*	1	OR
cpe:2.3:h:asterisk:s800i_appliance:1.2:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
http://www.securityfocus.com/bid/33174	Patch
http://securityreason.com/securityalert/4910
http://downloads.digium.com/pub/security/AST-2009-001.html
http://secunia.com/advisories/33453
http://www.securitytracker.com/id?1021549
http://security.gentoo.org/glsa/glsa-200905-01.xml
http://secunia.com/advisories/34982
http://secunia.com/advisories/37677
http://www.debian.org/security/2009/dsa-1952
http://www.vupen.com/english/advisories/2009/0063
http://www.securityfocus.com/archive/1/499884/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-0041
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0041

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:26:48				Added to TrackCVE