|Anonymous | Login | Signup for a new account||2016-05-25 00:13 ECT|
|Main | My View | View Issues | Change Log | Roadmap | Docs|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0002003||Elastix distro||freePBX||public||2014-10-01 19:39||2014-10-06 19:04|
|Target Version||Fixed in Version|
|Summary||0002003: FreePBX Vulnerability reported by FreePBX on 30/9/2014|
On a quick review, as Elastix 2.4 has ARI installed and 2.8 Freepbx and appears vulnerable (if Elastix is exposed to the outside).
I have not had time to look further on how much it affects Elastix, but wondering if any feedback from Elastix.
|Tags||No tags attached.|
|Fixed by upgrades.|
I have had a brief look at the updates RPM provided by a yum update.
Can you confirm the following for users on Elastix 2.4 with 2.8.x Freepbx
1) The update that is important is freePBX-2.8.1-18.noarch.rpm
2) You are recommending that users perform a yum update or yum update freepbx?
And for users on Elastix 2.5 beta (with Freepbx 2.11) to use the method suggested by Freepbx (e.g. remove ARI modules)??
|2014-10-01 19:39||bob||New Issue|
|2014-10-01 19:39||bob||Status||new => assigned|
|2014-10-01 19:39||bob||Assigned To||=> eabad|
|2014-10-06 13:26||a_villacis||Note Added: 0007514|
|2014-10-06 13:26||a_villacis||Status||assigned => resolved|
|2014-10-06 13:26||a_villacis||Resolution||open => fixed|
|2014-10-06 19:04||bob||Note Added: 0007516|
|Copyright © 2000 - 2016 MantisBT Team|