Critical Update Released

wardmundy

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
20,217
Reaction score
5,974
We've released a patch to the Kennonsoft main menu that adddresses a critical permission problem. This is an important update and should be applied to all systems as soon as possible. Note we have released it for all versions of PBX in a Flash.

To apply it, log into your server as root and...

(for Asterisk 1.4 based installs)

update-scripts

then

update-fixes


(for Asterisk 1.6 based installs)

update-scripts16

then

update-fixes16

As a precaution, until everyone has had an opportunity to apply the patch, we don't plan to release further details. So... don't ask. If we told you, we'd have to kill you. ;)
 
Patch

As always, thanks for keeping us informed and up-to-date Ward!

-stucker
 
cosmicwombat said:
But, how will you know when everyone has applied the patch...
Hmmmmm...?
Click to expand...

Well, you're right, of course. Just keep in mind that the only purpose of this password was to keep people out of the Admin menu. It didn't stop anyone from typing /admin. So it was next to worthless except to deter the casual observer who knew nothing about FreePBX or Asterisk. It turns out the password was about that secure, too.

So... the real risk is that someone might use the same password for the Admin UI as well as their other more important Linux, Asterisk and FreePBX accounts. That would be a very bad thing. :smile5: This patch addresses this by better protecting the password. Now we have to kill you.
 
Ah, I see...

Catch me if you can....

btw, i added the Aastra auto config bit... How cool is that!

Thanks Ward.
 
Can you explain what you mean by "i added the Aastra auto config bit"??? I have a custom Aastra setup and I don't want a conflict between your changes and what I have worked to develop.
 
The Aastra discussion has nothing to do with this update or this thread. Please post it separately in the appropriate forum if you have a concern.
 
Um, logged in as root and typing update-scripts just gives me a "-bash: update-scripts: command not found" message.

I am on 1.4.13 so maybe doing something wrong? Any ideas?
 
look in /usr/local/sbin

if it is not there then you may be running a version prior to 1.1 or you hav deleted these fies somwhow

tom
 
darmock said:
you may be running a version prior to 1.1
Click to expand...

Thanks for that. Yeah, I'm on Piaf 1.0.

Having searched the forum, I came across one of your posts that gave a link to a page on updating from 1.0, but unfortunately the link took me to a "page not found" error.

I'll probably just install 1.2 and start again as there are a couple of other minor issues.
 
You must log in or register to reply here.

Members online

Total: 37 (members: 1, guests: 36)

Latest Posts

Forum statistics

Threads
26,686
Messages
174,407
Members
20,257
Latest member
Dempan
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top