SECURITY ADVISORY: web services (Aug. 11, 2011)

mbrevda

mbrevda

Aug. 11, 2011

The FreePBX development team has identified with some zero day security vulnerabilities related to httpd and php. These vulnerabilities may allow a remote user to gain full root control over a system, and are present in lots of popular asterisk-related distro’s.

The FreePBX development team strongly urges all user of the FreePBX Distro to immediately upgrade their systems and patch these vulnerabilities. Additionally, users are reminded never to keep their web port accessible to the internet.

To secure your system, please download the latest scripts found [url=https://www.freepbx.org/forum/freepbx-distro/distro-discussion-help/release-versions]here[/url]. Please remember that the upgrade scripts must be executed sequentially.

A big round of applause to my colleagues at [url=http://www.schmoozecom.com]Schmooze Com., Inc.[/url] for their tireless dedication to the community, for the sleepless nights they spent working on this (and many other!) issue, and for their swift response in releasing a patch to protect the users of the distro.

UPDATE: it seems this post has left a host of questions in its wake – please read the following replies to see if your questions have been answered yet, or reply with them if they havent been!

Share this Blogpost

Share on email
Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on tumblr
Share on telegram

Start the Discussion

Sign up for our Newsletter

Scroll to Top