AsteriskNOW versions 5.211.65 - security notice
We have been made aware of a critical Zero-Day Remote Code Execution and Privilege Escalation exploit within the legacy “FreePBX ARI Framework module/Asterisk Recording Interface (ARI)”. This affects any user who has installed FreePBX prior to version 12, and users who have updated to FreePBX 12 from a prior version and did not remove the legacy FreePBX ARI Framework module.
This exploit allows users to bypass authentication and gain full “Administrator” access to the FreePBX server when the ARI module is present, which may then be used to grant the attacker full remote code execution access as the user running the Apache process.
Please refer to this link for additional details:
http://community.freepbx.org/t/critical ... 7235/24536
It is highly recommended that AsteriskNOW versions 5.211.65-12 and 5.211.65-18 be upgraded to version 19.
Instructions: http://wiki.freepbx.org/display/FD/Upda ... ial+Distro