CVE-2007-6430

Related Files

Gentoo Linux Security Advisory 200804-13

Posted Apr 14, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200804-13 - Multiple vulnerabilities have been found in Asterisk allowing for SQL injection, session hijacking and unauthorized usage. Versions less than 1.2.27 are affected.

tags | advisory, vulnerability, sql injection

systems | linux, gentoo

advisories | CVE-2007-6170, CVE-2007-6430, CVE-2008-1332

SHA-256 | 67da6681bc621e1c47a9b59a1836b85459c55a674e2f9489f48e2bca51d3ffd7

Download | Favorite | View

Debian Linux Security Advisory 1525-1

Posted Mar 20, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1525-1 - Several remote vulnerabilities have been discovered in Asterisk, a free software PBX and telephony toolkit.

tags | advisory, remote, vulnerability

systems | linux, debian

advisories | CVE-2007-6430, CVE-2008-1332, CVE-2008-1333

SHA-256 | 8a005f5ec36bdbd53917c342d96a68635121d0d7e8a082ff1e7174217e1c231c

Download | Favorite | View

AST-2007-027.txt

Posted Dec 19, 2007

Authored by Tilghman Lesher | Site asterisk.org

Asterisk Project Security Advisory - Due to the way database-based registrations ("realtime") are processed, IP addresses are not checked when the username is correct and there is no password. An attacker may impersonate any user using host-based authentication without a secret, simply by guessing the username of that user. This is limited in scope to administrators who have set up the registration database ("realtime") for authentication and are using only host-based authentication, not passwords. However, both the SIP and IAX protocols are affected.

tags | advisory, protocol

advisories | CVE-2007-6430

SHA-256 | 8f347c1af72c018f03b4107767873c60b519061e85f1fa9739ca188fc9633316

Download | Favorite | View