CVE-2007-6430

描述

Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and Business Edition B.x.x before B.2.3.6 and C.x.x before C.1.0-beta8, when using database-based registrations ("realtime") and host-based authentication, does not check the IP address when the username is correct and there is no password, which allows remote attackers to bypass authentication using a valid username.

如何修補 CVE-2007-6430

要修補 CVE-2007-6430,請將受影響套件升級到下列已修補版本。

• Debian/asterisk—升級至 1:1.4.16.2~dfsg-1 或更新版本
• Debian/asterisk—升級至 1:1.2.13~dfsg-2etch3 或更新版本

CVE-2007-6430 正在被利用嗎?

低 — EPSS 為 0.7%,目前沒有觀察到大規模利用活動。

受影響套件(2)

• from 0, < 1:1.4.16.2~dfsg-1
• from 0, < 1:1.2.13~dfsg-2etch3

參考連結(1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2007-6430