ALERT AI helped find CopyFail exploit to give a user root access to in all Linux distros
- Thread starter KNERD
- Start date
chris_c_
Active Member
- Joined
- Aug 19, 2010
- Messages
- 658
- Reaction score
- 116
UPDATED.
To exploit this FreePBX remote code execution bug, you'd have to
1. find a FreePBX system (or IncrediblePBX system, I use these names interchangeably as they are both affected) that was NOT patched with the November 2025, update to the filestore module 17.0.3.
2. And the Debian 12 OS be not patched for the Copy.Fail root priviliege escalation exploit.
3. And you'd need a simple login account into the Freepbx web interface, and it doesn't have to be an admin login, it can be a regular user login.
Steps to exploit: you'll start as user asterisk, remotely run the one line python copy fail exploit command, and you're root, then you can install a persistent web shell, or run any command.
Note: an updated Incredible / FreePBX is not susceptible to this attack, as the filestore module version is....
To exploit this FreePBX remote code execution bug, you'd have to
1. find a FreePBX system (or IncrediblePBX system, I use these names interchangeably as they are both affected) that was NOT patched with the November 2025, update to the filestore module 17.0.3.
2. And the Debian 12 OS be not patched for the Copy.Fail root priviliege escalation exploit.
3. And you'd need a simple login account into the Freepbx web interface, and it doesn't have to be an admin login, it can be a regular user login.
Steps to exploit: you'll start as user asterisk, remotely run the one line python copy fail exploit command, and you're root, then you can install a persistent web shell, or run any command.
Note: an updated Incredible / FreePBX is not susceptible to this attack, as the filestore module version is....
Code:
$ sudo fwconsole ma list | grep filestore
| filestore | 17.0.3 | Enabled | AGPLv3 |
Last edited:
hecatae
resident hecatae
- Joined
- Feb 7, 2014
- Messages
- 1,029
- Reaction score
- 307
GitHub - V4bel/dirtyfrag
Contribute to V4bel/dirtyfrag development by creating an account on GitHub.
github.com
Here it comes
hecatae
resident hecatae
- Joined
- Feb 7, 2014
- Messages
- 1,029
- Reaction score
- 307
Plus
github.com
Both completely unpacked at present.
GitHub - 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo: Copy Fail 2: Electric Boogaloo
Copy Fail 2: Electric Boogaloo. Contribute to 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo development by creating an account on GitHub.
github.com
Both completely unpacked at present.
hecatae
resident hecatae
- Joined
- Feb 7, 2014
- Messages
- 1,029
- Reaction score
- 307
Whole bunch of stuff is being merged regarding this at present:
git.kernel.org
kernel/git/stable/linux.git - Linux kernel stable tree
wardmundy
Nerd Uno
- Joined
- Oct 12, 2007
- Messages
- 20,217
- Reaction score
- 5,974
CVE-2026-31431 Mitigation
While waiting for the patch on Debian 12 here’s how to mitigate the issue Get the test script to see if the system is vulnerable. cd /usr/src curl -O https://raw.githubusercontent.com/rootsecdev/cve_2026_31431/main/test_cve_2026_31431.py python3 test_cve_2026_31431.py Run the test script...
community.freepbx.org
Get 3CX - Absolutely Free!
Link up your team and customers 
Phone System Live Chat Video Conferencing
Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.
Verify your Email
Check your inbox!
We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).
Upon verification you will be directed to the 3CX setup wizard.