5.211.65-21 still vulnerable to opsview/nrpe exploit

mag · February 2, 2015, 11:40pm

Just installed a new V5 system and updated to the latest release 5.211.65-21 using the update scripts.
As this was a test system, with a simple firewall, we were hacked pretty quickly.
Checking into the hack, it looks like it was from the opsview/nrpe vulnerability
NRPE Vulnerability
The latest FreePBX 5 version -21 is still running a vulnerable version of nrpe - v 2.14.

I would recommend upgrading to the latest version of nrpe > 2.15
as well as disabling opsview-agent from running at boot.

tonyclewis · February 3, 2015, 1:12am

We no not include that package anymore and have not in quite along time.

tonyclewis · February 3, 2015, 1:19am

In the upgrade of 5.211.65-12 we remove the opsview-agent RPM which removes the package as we dont actually install nrpe

upgrade-5.211.65-12.sh:yum -y erase opsview-agent

Since -12 we have not included opsview-agent anymore.

mag · February 3, 2015, 2:42am

Interesting - this was installed from the V5 FreePBX 32 bit iso and then manually upgraded using all the upgrade scripts to -21