[asterisk-bugs] [JIRA] (ASTERISK-27185) s3 bucket writable - asteriskconfig
vijiln (JIRA)
noreply at issues.asterisk.org
Mon Aug 7 10:14:08 CDT 2017
vijiln created ASTERISK-27185:
---------------------------------
Summary: s3 bucket writable - asteriskconfig
Key: ASTERISK-27185
URL: https://issues.asterisk.org/jira/browse/ASTERISK-27185
Project: Asterisk
Issue Type: Bug
Security Level: None
Reporter: vijiln
Severity: Critical
Team,
Found a writable amazon s3 bucket "asteriskconfig" in which anyone can upload,rename,delete files.Also all the config files where found on the s3 public which makes this severe.
POC :
when i opened the following s3 bucket
http://s3.amazonaws.com/asteriskconfig/
got the contents of the bucket listed,whilst a secure bucket would have brought up an access denied page.
further i tried to upload copy rename and delete "test.txt" using aws cli ,all succeeded !!
1.Copy local file to s3
$ aws s3 cp test.txt s3://asteriskconfig
Result: upload: ./test.txt to s3://asteriskconfig/test.txt
2.Renaming file
$ aws s3 mv s3://asteriskconfig/test.txt s3://asteriskconfig/test2.txt
Result:move: s3://asteriskconfig/test.txt to s3://asteriskconfig/test2.txt
3.Deleting file
$ aws s3 rm s3://asteriskconfig/test2.txt
delete: s3://asteriskconfig/test2.txt
Impact :
Risk is that anyone can upload malicious files,delete the existing files,rename and move files which makes this a critical vulnerability.
Hope you guys will fix this soon.
Screen shot is added here.
Thank you !!
--
This message was sent by Atlassian JIRA
(v6.2#6252)
More information about the asterisk-bugs
mailing list