Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-8070

Exec shell on a host using bug in Asterisk Recording Interface index.php

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.10, 2.11, 12
    • Fix Version/s: 2.10, 2.11, 12
    • Component/s: ARI User Portal
    • Labels:
      None
    • ToDo:

      Description

      index.php under the recordings directory, which is outside of the admin directory, has a remote command execution vulnerability which is available without proper authentication. (CVE-[AWAITING])

      Users are advise to remove the module named "admindashboard" and upgrade fw_ari through the following commands:

      
      #replacing the ‘AMPWEBROOT’ with the system setting.
      rm -rf AMPWEBROOT/admin/modules/admindashboard
      

      Then run the following command to remove all traces of it from FreePBX

      
      amportal a ma upgrade fw_ari
      

      Additionally users are advised to be on the lookout for two suspicious files, named "c.sh" or "c2.pl" respectively. If you see these two files please remove them immediately!

      Further information will be provided in a blog post.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  tm1000 Andrew Nagy
                  Reporter:
                  tm1000 Andrew Nagy
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: