CVE-2011-4597
Publication date 15 December 2011
Last updated 24 July 2024
Ubuntu priority
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| asterisk | | |
Notes
jdstrand
Per upstream, no fix issued, only a documentation change. Upstream releases contain these documentation updates.