[Ancient, Already fixed] Exploit found

Is this exploit know by freepbx?
https://www.exploit-db.com/exploits/40312/

I’ve just unlisted this topic until I can check that it’s fixed. I haven’t seen it before.

1 Like

Nope, that’s an ancient bug. I don’t know how it’s been ‘validated’, that code doesn’t exist.

Maybe it’s something in 2.11 or 2.10? I didn’t go back that far.

Thanks.

We noticed that several of our fpbx systems where hacked with adjusted files, such as ‘wakeup’ module.
We are not hacked yet with calls, but we can see some adjusted files and some webroot phpfiles.

I will investigate more also.

Oh, I just noticed, 13.0.35. Considering we’re at 13.0.174, that’s why I can’t find it 8)

There was a legitimate bug that a blackhat found, that was fixed in .157 (if I remember correctly)

Since then a couple of whitehats have been helping out awesomely, and they spotted a couple of other ones, but they weren’t published until they were fixed.

Just make sure you’re running the latest of everything.

thank you.

I will update everything and change passwords.
Thank you for you time and information.

1 Like

Make sure your machine is sending you emails. If there’s a security issue, your machine will automatically detect that and send you an email every day until you upgrade.

We’re thinking about just having FreePBX automatically upgrade when a security issue is detected, but the problem is, if people have written their own custom code in that module, we don’t want it to be clobbered without any warning.

Hi Rob,

The strange thing was, the security notice appeared after a moduleupdate. Maybe I did something wrong, I am still investigating.

I make use of a small moduleupdate script in /etc/cron.d which updates all modules every day. I understand that you cannot make this by default because of the customisation from some users.

As I see now, only the v13 Fpbxs are attacked. v12 have no adjusted files as I see for now.

I will investigate further today, and will let you know if I find anything.

1 Like