CVE-2009-0041

Publication date 14 January 2009

Last updated 24 July 2024


Ubuntu priority

IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before 1.4.23-rc4, and 1.6.x before 1.6.0.3-rc2; Business Edition A.x.x, B.x.x before B.2.5.7, C.1.x.x before C.1.10.4, and C.2.x.x before C.2.1.2.1; and s800i 1.2.x before 1.3.0 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.

Status

Package Ubuntu Release Status
asterisk 10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty Ignored end of life
8.10 intrepid Ignored end of life, was needed
8.04 LTS hardy
Fixed 1:1.4.17~dfsg-2ubuntu1.1
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life