[asterisk-bugs] [JIRA] (ASTERISK-27185) s3 bucket writable - asteriskconfig

Asterisk Team (JIRA) noreply at issues.asterisk.org
Mon Aug 7 10:14:08 CDT 2017 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-27185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=237987#comment-237987 ] 

Asterisk Team commented on ASTERISK-27185:
------------------------------------------

Thanks for creating a report! The issue has entered the triage process. That means the issue will wait in this status until a Bug Marshal has an opportunity to review the issue. Once the issue has been reviewed you will receive comments regarding the next steps towards resolution.

A good first step is for you to review the [Asterisk Issue Guidelines|https://wiki.asterisk.org/wiki/display/AST/Asterisk+Issue+Guidelines] if you haven't already. The guidelines detail what is expected from an Asterisk issue report.

Then, if you are submitting a patch, please review the [Patch Contribution Process|https://wiki.asterisk.org/wiki/display/AST/Patch+Contribution+Process].

> s3 bucket writable - asteriskconfig
> -----------------------------------
>
>                 Key: ASTERISK-27185
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-27185
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>            Reporter: vijiln
>            Severity: Critical
>
> Team,
> Found a writable amazon s3 bucket "asteriskconfig" in which anyone can upload,rename,delete files.Also all the config files where found on the s3 public which makes this severe.
> POC :
> when i opened the following s3 bucket
> http://s3.amazonaws.com/asteriskconfig/
> got the contents of the bucket listed,whilst a secure bucket would have brought up an access denied page.
> further i tried to upload copy rename and delete "test.txt"  using aws cli ,all succeeded !!
> 1.Copy local file to s3
> $ aws s3 cp test.txt s3://asteriskconfig
> Result: upload: ./test.txt to s3://asteriskconfig/test.txt 
> 2.Renaming file
> $ aws s3 mv s3://asteriskconfig/test.txt s3://asteriskconfig/test2.txt  
> Result:move: s3://asteriskconfig/test.txt to s3://asteriskconfig/test2.txt
> 3.Deleting file
> $ aws s3 rm s3://asteriskconfig/test2.txt
> delete: s3://asteriskconfig/test2.txt
> Impact :
> Risk is that anyone can upload malicious files,delete the existing files,rename and move files which makes this a critical vulnerability.
> Hope you guys will fix this soon.
> Screen shot is added here.
> Thank you !!



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list