Candidate: CVE-2011-2666
PublicDate: 2011-07-06 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2666
 http://downloads.asterisk.org/pub/security/AST-2011-011.html
Description:
 The default configuration of the SIP channel driver in Asterisk Open Source
 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the
 alwaysauthreject option, which allows remote attackers to enumerate account
 names by making a series of invalid SIP requests and observing the
 differences in the responses for different usernames, a different
 vulnerability than CVE-2011-2536.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_asterisk:
upstream_asterisk: needs-triage
hardy_asterisk: ignored (reached end-of-life)
lucid_asterisk: released (1:1.6.2.5-0ubuntu1.4)
maverick_asterisk: released (1:1.6.2.7-1ubuntu1.2)
natty_asterisk: released (1:1.6.2.9-2ubuntu2.1)
oneiric_asterisk: not-affected (1:1.8.4.4~dfsg-2ubuntu1.1)
precise_asterisk: not-affected
quantal_asterisk: not-affected
devel_asterisk: not-affected