Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-8070

Exec shell on a host using bug in Asterisk Recording Interface index.php

    Details

    • Type: Bugs
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.10, 2.11, 12
    • Fix Version/s: 2.10, 2.11, 12
    • Component/s: ARI User Portal
    • Labels:
      None

      Description

      index.php under the recordings directory, which is outside of the admin directory, has a remote command execution vulnerability which is available without proper authentication. (CVE-[AWAITING])

      Users are advise to remove the module named "admindashboard" and upgrade fw_ari through the following commands:

      #replacing the ‘AMPWEBROOT’ with the system setting.
      rm -rf AMPWEBROOT/admin/modules/admindashboard
      

      Then run the following command to remove all traces of it from FreePBX

      amportal a ma upgrade fw_ari
      

      Additionally users are advised to be on the lookout for two suspicious files, named "c.sh" or "c2.pl" respectively. If you see these two files please remove them immediately!

      Further information will be provided in a blog post.

        Attachments

          Issue Links

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                tm1000 Andrew Nagy
                Reporter:
                tm1000 Andrew Nagy
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: