FreePBX
  1. FreePBX
  2. FREEPBX-4550

Obscure attack can result in uploading of an arbitrary script on the PBX

    Details

    • Type: Bugs Bugs
    • Status: Closed (View Workflow)
    • Resolution: Fixed
    • Affects Version/s: 2.8
    • Fix Version/s: None
    • Component/s: Recordings
    • Labels:
      None
    • Backend Engine:
      All
    • Confirmation:
      Confirmed

      Description

      This is a SECURITY issue and as such, details are left out.

      Most revisions affected.

        Activity

        Hide
        Philippe Lindheimer added a comment -
        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10299 ) fixes FREEPBX-4550 Security Issue
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10300) Merged revisions 10299 via svnmerge from
        http://svn.freepbx.org/modules/branches/2.8

        ........

        (http://www.freepbx.org/trac/changeset/10299) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue

        ........

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10300 ) Merged revisions 10299 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ........ ( http://www.freepbx.org/trac/changeset/10299 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ........
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10301) Merged revisions 10300 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.7

        ................

        (http://www.freepbx.org/trac/changeset/10300) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines

        Merged revisions 10299 via svnmerge from

        http://svn.freepbx.org/modules/branches/2.8

        ........

        (http://www.freepbx.org/trac/changeset/10300) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue

        ........

        ................

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10301 ) Merged revisions 10300 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.7 ................ ( http://www.freepbx.org/trac/changeset/10300 ) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines Merged revisions 10299 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ........ ( http://www.freepbx.org/trac/changeset/10300 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ........ ................
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10302) Merged revisions 10301 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.6

        ................

        (http://www.freepbx.org/trac/changeset/10301) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines

        Merged revisions 10300 via svnmerge from

        http://www.freepbx.org/v2/svn/modules/branches/2.7

        ................

        (http://www.freepbx.org/trac/changeset/10301) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines

        Merged revisions 10299 via svnmerge from
        http://svn.freepbx.org/modules/branches/2.8

        ........
        (http://www.freepbx.org/trac/changeset/10301) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue
        ........

        ................

        ................

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10302 ) Merged revisions 10301 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.6 ................ ( http://www.freepbx.org/trac/changeset/10301 ) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines Merged revisions 10300 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.7 ................ ( http://www.freepbx.org/trac/changeset/10301 ) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines Merged revisions 10299 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ........ ( http://www.freepbx.org/trac/changeset/10301 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ........ ................ ................
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10303) Merged revisions 10302 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.5

        ................

        (http://www.freepbx.org/trac/changeset/10302) | p_lindheimer | 2010-09-23 11:18:30 -0700 (Thu, 23 Sep 2010) | 23 lines

        Merged revisions 10301 via svnmerge from

        http://www.freepbx.org/v2/svn/modules/branches/2.6

        ................

        (http://www.freepbx.org/trac/changeset/10302) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines

        Merged revisions 10300 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.7

        ................
        (http://www.freepbx.org/trac/changeset/10302) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines

        Merged revisions 10299 via svnmerge from
        http://svn.freepbx.org/modules/branches/2.8

        ........
        (http://www.freepbx.org/trac/changeset/10302) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue
        ........
        ................

        ................

        ................

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10303 ) Merged revisions 10302 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.5 ................ ( http://www.freepbx.org/trac/changeset/10302 ) | p_lindheimer | 2010-09-23 11:18:30 -0700 (Thu, 23 Sep 2010) | 23 lines Merged revisions 10301 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.6 ................ ( http://www.freepbx.org/trac/changeset/10302 ) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines Merged revisions 10300 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.7 ................ ( http://www.freepbx.org/trac/changeset/10302 ) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines Merged revisions 10299 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ........ ( http://www.freepbx.org/trac/changeset/10302 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ........ ................ ................ ................
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10304) Merged revisions 10303 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.4

        ................

        (http://www.freepbx.org/trac/changeset/10303) | p_lindheimer | 2010-09-23 11:26:00 -0700 (Thu, 23 Sep 2010) | 30 lines

        Merged revisions 10302 via svnmerge from

        http://www.freepbx.org/v2/svn/modules/branches/2.5

        ................

        (http://www.freepbx.org/trac/changeset/10303) | p_lindheimer | 2010-09-23 11:18:30 -0700 (Thu, 23 Sep 2010) | 23 lines

        Merged revisions 10301 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.6

        ................
        (http://www.freepbx.org/trac/changeset/10303) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines

        Merged revisions 10300 via svnmerge from
        http://www.freepbx.org/v2/svn/modules/branches/2.7

        ................
        (http://www.freepbx.org/trac/changeset/10303) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines

        Merged revisions 10299 via svnmerge from
        http://svn.freepbx.org/modules/branches/2.8

        ........
        (http://www.freepbx.org/trac/changeset/10303) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue
        ........
        ................
        ................

        ................

        ................

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10304 ) Merged revisions 10303 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.4 ................ ( http://www.freepbx.org/trac/changeset/10303 ) | p_lindheimer | 2010-09-23 11:26:00 -0700 (Thu, 23 Sep 2010) | 30 lines Merged revisions 10302 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.5 ................ ( http://www.freepbx.org/trac/changeset/10303 ) | p_lindheimer | 2010-09-23 11:18:30 -0700 (Thu, 23 Sep 2010) | 23 lines Merged revisions 10301 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.6 ................ ( http://www.freepbx.org/trac/changeset/10303 ) | p_lindheimer | 2010-09-23 10:53:42 -0700 (Thu, 23 Sep 2010) | 16 lines Merged revisions 10300 via svnmerge from http://www.freepbx.org/v2/svn/modules/branches/2.7 ................ ( http://www.freepbx.org/trac/changeset/10303 ) | p_lindheimer | 2010-09-23 10:42:19 -0700 (Thu, 23 Sep 2010) | 9 lines Merged revisions 10299 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ........ ( http://www.freepbx.org/trac/changeset/10303 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ........ ................ ................ ................ ................
        Hide
        Philippe Lindheimer added a comment -

        (In http://www.freepbx.org/trac/changeset/10305) Merged revisions 10283-10304 via svnmerge from
        http://svn.freepbx.org/modules/branches/2.8

        ................

        (http://www.freepbx.org/trac/changeset/10296) | p_lindheimer | 2010-09-22 08:59:28 -0700 (Wed, 22 Sep 2010) | 9 lines

        Merged revisions 10295 via svnmerge from

        http://svn.freepbx.org/modules/branches/2.7

        ........

        (http://www.freepbx.org/trac/changeset/10296) | p_lindheimer | 2010-09-22 08:53:43 -0700 (Wed, 22 Sep 2010) | 1 line

        fixes FREEPBX-4548 namespace clash with IVR and VMBLAST messages

        ........

        ................

        (http://www.freepbx.org/trac/changeset/10296) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line

        fixes FREEPBX-4550 Security Issue

        ................

        Show
        Philippe Lindheimer added a comment - (In http://www.freepbx.org/trac/changeset/10305 ) Merged revisions 10283-10304 via svnmerge from http://svn.freepbx.org/modules/branches/2.8 ................ ( http://www.freepbx.org/trac/changeset/10296 ) | p_lindheimer | 2010-09-22 08:59:28 -0700 (Wed, 22 Sep 2010) | 9 lines Merged revisions 10295 via svnmerge from http://svn.freepbx.org/modules/branches/2.7 ........ ( http://www.freepbx.org/trac/changeset/10296 ) | p_lindheimer | 2010-09-22 08:53:43 -0700 (Wed, 22 Sep 2010) | 1 line fixes FREEPBX-4548 namespace clash with IVR and VMBLAST messages ........ ................ ( http://www.freepbx.org/trac/changeset/10296 ) | p_lindheimer | 2010-09-23 10:28:13 -0700 (Thu, 23 Sep 2010) | 1 line fixes FREEPBX-4550 Security Issue ................
        Hide
        Philippe Lindheimer added a comment -

        Published:

        • 2.9: 3.3.10.1 [10306]
        • 2.8: 3.3.10.1 [10308]
        • 2.7: 3.3.9.7 [10309]
        • 2.6: 3.3.9.3.1 [[10310]
        • 2.5: 3.3.8.11 [10311]
        • 2.4: 3.3.6.4 [10312]
        • 2.3: 3.3.5.6 [10313]
        Show
        Philippe Lindheimer added a comment - Published: 2.9: 3.3.10.1 [10306] 2.8: 3.3.10.1 [10308] 2.7: 3.3.9.7 [10309] 2.6: 3.3.9.3.1 [ [10310] 2.5: 3.3.8.11 [10311] 2.4: 3.3.6.4 [10312] 2.3: 3.3.5.6 [10313]

          People

          • Assignee:
            Unassigned
            Reporter:
            Philippe Lindheimer
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development