Launchpad CVE tracker

CVE 2007-6430

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

Related bugs and status

CVE-2007-6430 (Candidate) is related to these bugs:

Bug #179096: Please sync asterisk 1:1.4.17~dfsg-2 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	179096	Please sync asterisk 1:1.4.17~dfsg-2 (universe) from Debian unstable (main)		asterisk (Ubuntu)	Wishlist	Fix Released

Bug #199118: [asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name

		In	Importance	Status
199118	[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name	asterisk (Ubuntu)	Undecided	Fix Released
199118	[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name	asterisk (Ubuntu Dapper)	Undecided	Won't Fix
199118	[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name	asterisk (Ubuntu Edgy)	Undecided	Won't Fix
199118	[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name	asterisk (Ubuntu Feisty)	Undecided	Won't Fix
199118	[asterisk] [CVE-2007-6430] possibility of bypassing host based authentication by using a valid user name	asterisk (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2007-6430

References