Vulnerability CVE-2009-3727 - CERT Civis.Net

Vulnerability Name:

CVE-2009-3727 (CCN-54149)

Assigned:

2009-11-04

Published:

2009-11-04

Updated:

2009-12-23

Summary:

Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, 1.6.0.x before 1.6.0.17, and 1.6.1.x before 1.6.1.9; Business Edition A.x.x, B.x.x before B.2.5.12, C.2.x.x before C.2.4.5, and C.3.x.x before C.3.2.2; AsteriskNOW 1.5; and s800i 1.3.x before 1.3.0.5 generate different error messages depending on whether a SIP username is valid, which allows remote attackers to enumerate valid usernames via multiple crafted REGISTER messages with inconsistent usernames in the URI in the To header and the Digest in the Authorization header.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
1.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2009-3727

Source: CCN
Type: AST-2009-008
SIP responses expose valid usernames

Source: CONFIRM
Type: Vendor Advisory
http://downloads.asterisk.org/pub/security/AST-2009-008.html

Source: OSVDB
Type: UNKNOWN
59697

Source: CCN
Type: SA37265
Asterisk SIP REGISTER Response User Enumeration Weakness

Source: SECUNIA
Type: Vendor Advisory
37265

Source: SECUNIA
Type: UNKNOWN
37479

Source: SECUNIA
Type: UNKNOWN
37677

Source: CCN
Type: SECTRACK ID: 1023133
Asterisk Discloses Valid Usersnames to Remote Users in Response to Specially Crafted REGISTER Messages

Source: DEBIAN
Type: UNKNOWN
DSA-1952

Source: DEBIAN
Type: DSA-1952
asterisk -- several vulnerabilities

Source: CCN
Type: GLSA-201006-20
Asterisk: Multiple vulnerabilities

Source: CCN
Type: OSVDB ID: 59697
Asterisk SIP REGISTER Response Username Enumeration Weakness

Source: BID
Type: Patch
36924

Source: CCN
Type: BID-36924
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023133

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=523277

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=533137

Source: XF
Type: UNKNOWN
asterisk-register-information-disclosure(54149)

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-11070

Source: FEDORA
Type: UNKNOWN
FEDORA-2009-11126

Vulnerable Configuration:

Configuration 1:

cpe:/a:digium:asterisk:1.2.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.0:beta1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.0:beta2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.0:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.2:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.3:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.3:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.10:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.10:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.11:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.11:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.12.1:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.13:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.13:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.14:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.15:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.15:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.16:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.16:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.17:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.17:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.18:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.18:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.19:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.19:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.20:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.20:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.21:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.21:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.21.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.21.1:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.22:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.22:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.23:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.23:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.24:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.24:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.25:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.25:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26.1:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.26.2:netsec:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.27:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.28:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.28.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.29:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.30:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.30.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.30.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.30.3:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.30.4:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.31:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.31.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.32:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.33:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.2.34:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:beta1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:beta2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:beta3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.0:beta4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.3:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.4:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.5:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.6:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.7:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.7.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.8:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.9:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.10:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.10.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.11:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.12:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.12.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.13:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.14:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.15:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.16:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.16.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.16.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.17:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.18:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.19.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.20:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.20:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.20:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.20:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.20.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.21:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.21:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.21:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.21.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.21.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22:rc5:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.22.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.23.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.24:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.24:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.24.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.25:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.25:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.25.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc5:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26:rc6:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.4.26.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta5:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta6:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta7:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta7.1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta8:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:beta9:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:rc5:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0:rc6:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.3:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.3:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.4:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.5:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.6:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.7:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.8:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.9:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.10:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.11:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.11:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.11:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.14:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.14:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.15:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.16:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.16:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.0.16:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.0:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.0:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.0:rc3:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.0:rc4:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.0:rc5:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.1:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.2:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.3:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.4:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.5:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.5:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.6:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.7:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.7:rc2:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.8:*:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.10:rc1:*:*:*:*:*:*

OR cpe:/a:digium:asterisk:1.6.1.10:rc2:*:*:*:*:*:*

Configuration 2:

cpe:/a:digium:asterisknow:1.5:*:*:*:*:*:*:*

Configuration 3:

cpe:/h:digium:s800i:1.3.0:*:*:*:*:*:*:*

OR cpe:/h:digium:s800i:1.3.0.2:*:*:*:*:*:*:*

OR cpe:/h:digium:s800i:1.3.0.3:*:*:*:*:*:*:*

OR cpe:/h:digium:s800i:1.3.0.4:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:digium:asterisk:a:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.5.0:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.5.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.2.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.3.0:-:business:*:*:*:*:*

Configuration CCN 1:

cpe:/a:digium:asterisk:b.2.5.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.2.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.5:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.4:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.5.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.3.6:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.2.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.0:beta7:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.0:beta8:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.6:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.6.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.6.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.1.8.1:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.1.3.2:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.1.3.3:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:b.2.2.0:-:business:*:*:*:*:*

OR cpe:/a:digium:asterisk:c.3.1.0:-:business:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:6950	P	DSA-1952 asterisk -- several vulnerabilities, end-of-life announcement in oldstable	2015-02-23
oval:org.mitre.oval:def:13727	P	DSA-1952-1 asterisk -- several vulnerabilities	2015-02-23
oval:org.debian:def:1952	V	several vulnerabilities, end-of-life announcement in oldstable	2009-12-15