| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <493C20F9.8020704@gmail.com> Date: Sun, 07 Dec 2008 14:16:09 -0500 From: Chris Castaldo <chris.castaldo@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Multiple vulnerabilities in 3CX 6.0.806.0 Synopsis: 3CX 6.0.806.0 is vulnerable to session hijacking, XSS, information disclosure and DoS. Background: "3CX Phone System for Windows is a software-based IP PBX that replaces traditional proprietary hardware PBX / PABX. 3CX’s IP PBX has been developed specifically for Microsoft Windows and is based on the SIP standard – making it easier to manage and allowing you to use any SIP phone (software or hardware)." Issue 1: By default 3CX does not run HTTPS allowing an attacker to sniff the administrators session ID and masquerade as the administrator and perform tasks on their behalf. Issue 2: XSS is possible in the fName and fPassword fields on the main login page for the console (login.php) Issue 3: If the drive in which 3CX is installed reaches 100% capacity the login.php page reveals the installation path to any user. Issue 4: Performing vulnerability scans (Nessus/SAINT) against a 3CX server causes the server to become unstable, crash and is non recoverable and must be reinstalled to use again. Time line: Discovered: August 5th 2008 Vendor notified: August 24th 2008 Vendor response: September 3rd, 2008 Vendor fix: November 2008 Chris Castaldo "An ounce of prevention is worth a pound of cure." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists