==================================================================
Please DO NOT REPLY to this mail or send email to the developers
about this bug. Please follow-up to Bugzilla using this link:
http://bugs.contribs.org/show_bug.cgi?id=8657
Have you checked the Frequently Asked Questions (FAQ)?
http://wiki.contribs.org/SME_Server:Documentation:FAQ
Please also take the time to read the following useful guide:
http://www.chiark.greenend.org.uk/~sgtatham/bugs.html
==================================================================
Bug ID: 8657
Summary: security issue with ARI module
Classification: Contribs
Product: SME Contribs
Version: 8.1
Hardware: ---
OS: ---
Status: CONFIRMED
Severity: normal
Priority: P3
Component: smeserver-freepbx
Assignee: [email protected]
Reporter: [email protected]
QA Contact: [email protected]

This exploit allows attackers to prey on weak security practices, while taking
advantage of security vulnerabilities in FreePBX, to take full control of a
FreePBX installation:

"We have been made aware of a critical Zero-Day Remote Code Execution and
Privilege Escalation exploit within the legacy "FreePBX ARI Framework
module/Asterisk Recording Interface (ARI)". This affects any user who has
installed FreePBX prior to version 12, and users who have updated to FreePBX 12
from a prior version and did not remove the legacy FreePBX ARI Framework
module."

This is taken from the FreePBX notice posted here:
http://www.freepbx.org/node/92822. Please read this notice very carefully and
take the proper steps to secure your installation.

All SME installations are affected, and all are prior to FreePBX 12, as
asterisk16 (SME8) is only supported up to FreePBX 2.9.0.15.