FreePBX Framework Module view.functions.php Remote Code Execution

2014-04-03T00:00:00
ID SAINT:FA4FCDE96D7598CC10207A31600CE243
Type saint
Reporter SAINT Corporation
Modified 2014-04-03T00:00:00

Description

Added: 04/03/2014
CVE: CVE-2014-1903
BID: 65509
OSVDB: 103240

Background

FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk.

Problem

The Framework module of FreePBX is vulnerable to remote code execution as a result of improper sanitization of user-supplied input. The vulnerability is triggered when input passed as arguments to the **config.php** script is not propery sanitized upon submission to the **admin/libraries/view.functions.php** script. FreePBX versions 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 are vulnerable.

Resolution

Upgrade to version 2.9.0.14, 2.10.1.15, 2.11.0.23, 12.0.1alpha22, or higher.

References

<http://www.freepbx.org/news/2014-02-06/security-vulnerability-notice>
<http://issues.freepbx.org/browse/FREEPBX-7123>
<http://downloads.securityfocus.com/vulnerabilities/exploits/65509.php>

Limitations

The **telnet** application must exist on the target system.

Platforms

Linux