Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6424
Last Modified 07 Mar 2011 10:02:42
Published 18 Dec 2007 02:46:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6424

Summary

registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.

Vulnerable Systems

Application

  • Fonality Trixbox 2.0


References

MISC - http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home

MISC - http://www.superunknown.org/pivot/entry.php?id=15

MLIST - [VOIPSEC] 20071219 Trixbox Arbitrary Command Execution Vulnerability

MLIST - [VOIPSEC] 20071216 Trixbox Arbitrary Command Execution Vulnerability

OSVDB - 44136

MLIST - [VOIPSEC] 20071219 trixbox vulnerability fluff

MLIST - [VOIPSEC] 20071219 trixbox vuln (CVE-2007-6424) - PoC exploit code

MISC - http://voipsa.org/blog/2007/12/17/trixbox-contains-phone-home-code-to-retrieve-arbitrary-commands-to-execute/


Last Updated: 27 May 2016 10:46:30