Koozali.org: home of the SME Server

ARI Privilege Escalation

Offline compsos

  • *
  • 472
  • +0/-0
ARI Privilege Escalation
« on: October 03, 2014, 12:13:53 AM »
Hi
I assume we are not using this or any related code?

"We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. This affects any user who has installed FreePBX prior to version 12, and users who have updated to FreePBX 12 from a prior version and did not remove the legacy FreePBX ARI Framework module"

This one is listed and on sark in the scripts/c2.pl directory.
« Last Edit: October 03, 2014, 12:26:02 AM by compsos »
Regards

Gordon............

Offline SARK devs

  • ****
  • 2,806
  • +1/-0
    • http://sarkpbx.com
Re: ARI Privilege Escalation
« Reply #1 on: October 10, 2014, 10:28:04 PM »
not used by sail

Regards
S

Offline compsos

  • *
  • 472
  • +0/-0
Re: ARI Privilege Escalation
« Reply #2 on: October 10, 2014, 11:06:20 PM »
So it is fine to delete?
Regards

Gordon............

Offline SARK devs

  • ****
  • 2,806
  • +1/-0
    • http://sarkpbx.com
Re: ARI Privilege Escalation
« Reply #3 on: October 11, 2014, 01:31:33 AM »
yup