NEWS FLASH Proprietary Distro Gets Proprietary Firewall... finally

wardmundy · Oct 18, 2015

"No good deed goes unpunished." --Clare Boothe Luce

Yay, Us! :party:

Yay, Us!

And on the third day...

wardmundy · Oct 18, 2015

Now ask yourself how a vulnerability in a FreePBX module can morph into a root vulnerability, and you'll better appreciate why isolating your firewall from FreePBX is a very good idea.

hecatae · Oct 18, 2015

wardmundy said:
Now ask yourself how a vulnerability in a FreePBX module can morph into a root vulnerability, and you'll better appreciate why isolating your firewall from FreePBX is a very good idea.

is the sysadmin module on github, can we look at the source, as the sysadmin module still has root access as far as I understand?

wardmundy · Oct 18, 2015

Heh. Even the "Free" version is a Commercial (encrypted) Module and, based upon the capabilities and method of installation, root access appears to be a "hidden feature." That would certainly explain the latest vulnerability.

billsimon · Oct 19, 2015

It was a shell command injection exploit (similar to DB injection if you are familiar). The patch does a more strict check of parameters.

NEWS FLASH Proprietary Distro Gets Proprietary Firewall... finally

wardmundy

Nerd Uno

wardmundy

Nerd Uno

hecatae

resident hecatae

wardmundy

Nerd Uno

billsimon

Well-Known Member

Members online

Latest Posts

Forum statistics