Vulnerabilities > CVE-2011-2666 - Configuration vulnerability in Digium Asterisk
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201110-21.NASL description The remote host is affected by the vulnerability described in GLSA-201110-21 (Asterisk: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Asterisk. Please review the CVE identifiers referenced below for details. Impact : An unauthenticated remote attacker may execute code with the privileges of the Asterisk process or cause a Denial of Service. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 56625 published 2011-10-25 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56625 title GLSA-201110-21 : Asterisk: Multiple vulnerabilities NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2493.NASL description Several vulnerabilities were discovered in Asterisk, a PBX and telephony toolkit. - CVE-2012-2947 The IAX2 channel driver allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold (when a certain mohinterpret setting is enabled). - CVE-2012-2948 The Skinny channel driver allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by closing a connection in off-hook mode. In addition, it was discovered that Asterisk does not set the alwaysauthreject option by default in the SIP channel driver. This allows remote attackers to observe a difference in response behavior and check for the presence of account names. (CVE-2011-2666 ) System administrators concerned by this user enumerating vulnerability should enable the alwaysauthreject option in the configuration. We do not plan to change the default setting in the stable version (Asterisk 1.6) in order to preserve backwards compatibility. last seen 2020-03-17 modified 2012-06-29 plugin id 59771 published 2012-06-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/59771 title Debian DSA-2493-1 : asterisk - denial of service NASL family Misc. NASL id ASTERISK_AST_2011_011.NASL description According to the version in its SIP banner, the version of Asterisk running on the remote host allows a remote attacker to enumerate valid users by sending malformed SIP INVITE and REGISTER requests. last seen 2020-06-01 modified 2020-06-02 plugin id 56921 published 2011-11-22 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56921 title Asterisk Invalid INVITE / REGISTER SIP Request Username Enumeration (AST-2011-011)