CVE-2011-2536

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-2536

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2011-2536.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2011-2536

Downstream

DEBIAN-CVE-2011-2536

DSA-2276-1

DSA-2276-2

Published

2011-07-06T19:55:03Z

Modified

2025-04-11T00:51:21Z

Summary

[none]

Details

chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x before 1.4.41.2, 1.6.2.x before 1.6.2.18.2, and 1.8.x before 1.8.4.4, and Asterisk Business Edition C.3.x before C.3.7.3, disregards the alwaysauthreject option and generates different responses for invalid SIP requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests.

References

http://downloads.asterisk.org/pub/security/AST-2011-011.html
http://downloads.asterisk.org/pub/security/AST-2011-011-1.8.diff
http://www.securitytracker.com/id?1025734

CVE-2011-2536

Affected packages