Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 220.127.116.11, 1.6.0.x before 18.104.22.168, and 1.6.1.x before 22.214.171.124; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 126.96.36.199 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.
Publish Date : 2009-11-10 Last Update Date : 2009-12-23
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify
a vulnerability or a missing patch. Check out the OVAL definitions
if you want to learn what you should do to verify a vulnerability.