Signature Detail
Short Name |
APP:FREEPBX-RECORDING-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
FreePBX Recordings Interface Remote Code Execution |
Release Date |
2013/02/07 |
Update Number |
2232 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: FreePBX Recordings Interface Remote Code Execution
This signature detects attempts to exploit a known vulnerability in the FreePBX Recordings Interface. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the server.
Extended Description
FreePBX is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow attackers to execute arbitrary code in the context of the affected application. Failed exploit attempts may result in a denial-of-service condition. FreePBX 2.8.0 and prior versions are vulnerable.
Affected Products
- freePBX 2.10.0
- freePBX 2.1.3
- freePBX 2.2.0 Rc1
- freePBX 2.2.1
- freePBX 2.4
- freePBX 2.4.1
- freePBX 2.5
- freePBX 2.5.1
- freePBX 2.5.2
- freePBX 2.6
- freePBX 2.8.0
References
- BugTraq: 52727
- URL: http://freepbx.org