Business Telephony Solutions

Overview Asterisk Appliances (PBX) Telephony Interfaces (Astribank) Xorcom IP Phones Video Conferencing Hospitality - Complete Concierge Assisted Living - AMITY Telephony System Configurator Optional Extras Asterisk Distributions

Telephony System Configurator Distributor Map Xorcom Resellers

Astribank Technology Application Notes Meeting VoIP Challenges Test Results

Become a Partner OEM CLEC Training Technology Partners Partner Log-in

Alerts FAQs Pre-sales/Application Questions Upgrades & Downloads Technical Documentation Warranty Activation Xorcom Product Warranty Policy Support Request Xorcom Wiki Feedback About Xorcom Support

White Papers Case Studies Videos & Presentations Brochures Data Sheets Newsletters News Archive Glossary

About Us Partners Contact Us Careers Xorcom USA Reseller Sign Up Xorcom Blog

Support

-Storage Requirements for Voice Mail

-RAID1 Support Notes

Asterisk Topics

- What is Asterisk? A Backgrounder...

- How to Choose an Asterisk-based PBX

- Asterisk Tip: SIP Installation Instructions

- Asterisk Tip: Connecting to Asterisk Manager

Pre-sales/Application Questions

Upgrades & Downloads

Astribank Drivers

Astribank 2 Drivers Overview

Live-CD/USB Quick Start

Xorcom IP-PBX Upgrades

Technical Documentation

Astribank Technical Documentation

XR1000 Technical Documentation

XR2000 Technical Documentation

XR3000 Technical Documentation

XE2000/XE3000 Technical Documentation

Xorcom IP Phones Technical Documentation

Elastix Configuration Instructions

trixbox CE Configuration Instructions

Warranty Activation

Xorcom Product Warranty Policy

Support Request

Xorcom Wiki

Feedback About Xorcom Support

7th Straight "Best of Show"

Xorcom's open source business telephony solutions get top honors at recent IT EXPO.
Read more...

IP-PBX

CONFIGURATOR

WIZARD

Follow @xorcom

FreePBX Security Threat: Unauthorized File Writing Permitted

Affected Products

All Xorcom IP-PBX models (XR1nnn, XR2nnn, XR3nnn, XE2nnn, XE3nnn) running Elastix 1.5 or 1.6

Problem

We have been informed by the Elastix development team that a security threat which would allow remote users to write files on the server's hard drive through FreePBX has been discovered. This action involves two different security problems:

the first problem allows access to the FreePBX “not embedded” interface with administrator privileges
the second problem allows a user to write files on the file system, through the administrator FreePBX “not embedded” interface

Solution

The first threat was solved at the end of 2010. The solution to the second problem is being released today (for details see: http://elx.ec/secalert052011). The update amends the problems mentioned above and is available at the Elastix update repository. The update can be executed through console by running the command "yum update freePBX" or from the Elastix updates Web interface.

Important Reminder

Under no circumstances should FreePBX be upgraded through the “not embedded” interface. The right way to do it is from the Elastix RPM packages. Updating FreePBX from the “not embedded” interface can overwrite important changes in RPM packages distributed with Elastix.

Last Updated ( Sunday, 15 May 2011 )

Send to a friend

Subscribe to Xorcom Support RSS Feed

Related Info - White Papers
Xorcom has developed a library of white papers to help leverage the benefits of VoIP technology in general, and the Asterisk platform in particular:

Additional Resources