Koozali.org: home of the SME Server

Obsolete Releases => SME VoIP (Asterisk, SAIL etc) => Topic started by: compsos on October 03, 2014, 12:13:53 AM

Title: ARI Privilege Escalation
Post by: compsos on October 03, 2014, 12:13:53 AM

Hi
I assume we are not using this or any related code?

"We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. This affects any user who has installed FreePBX prior to version 12, and users who have updated to FreePBX 12 from a prior version and did not remove the legacy FreePBX ARI Framework module"

This one is listed and on sark in the scripts/c2.pl directory.

Title: Re: ARI Privilege Escalation
Post by: SARK devs on October 10, 2014, 10:28:04 PM

not used by sail

Regards
S

Title: Re: ARI Privilege Escalation
Post by: compsos on October 10, 2014, 11:06:20 PM

So it is fine to delete?

Title: Re: ARI Privilege Escalation
Post by: SARK devs on October 11, 2014, 01:31:33 AM

yup