[asterisk-users] Trixbox Phones Home

Than Taro thanrantaro at live.com
Sun Dec 16 22:27:36 CST 2007


As I pointed out here last night, there is also a very serious security vulnerability associated with this.  Example: An attacker could compromise the script that is used on the remote host, and set it to force clients that connect to run a command such as "rm -rf /".  There are about half a dozen ways I could see this being abused - in either a "one off" or an "every installation" scenario.  Fonality has yet to acknowledge this aspect of the issue - and I fear that they never will.

See:
http://voipsa.org/pipermail/voipsec_voipsa.org/2007-December/002522.html


P.S.: On behalf of Rob (of FreePBX fame), I'd like to also point out that
this is something that was added to trixbox, and not FreePBX.  Quoting
Rob: "when someone mistakenly says 'trixbox does...' they usually mean
'freepbx does...' as FreePBX is the GUI Trixbox uses to configure
Asterisk".  In this instance, that is not the case - it is only a
trixbox issue.

> From: email at mattruby.com
> To: asterisk-users at lists.digium.com; asterisk-biz at lists.digium.com
> Date: Sun, 16 Dec 2007 20:53:53 -0500
> Subject: [asterisk-users] Trixbox Phones Home
> 
> 	I just read on Slashdot (at
> http://yro.slashdot.org/article.pl?sid=07/12/16/222243 ) that Trixbox
> "has been phoning home with statistics about their installations", as a
> Trixbox user exposed in "Trixbox Phones Home" at
> http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home .
> -- 
> 
> (C) Matthew Rubenstein
> 
> 