Elastix vTiger exploit

Recently I’ve seen a big increase in the number of network scans against the version of vTiger that was included with Elastix.

The attackers are looking for this exploit – http://www.cvedetails.com/cve/CVE-2009-3249/

This allows an attacker to view any file on the system, which means they can read all of the Asterisk usernames and passwords for trunks and extensions.

In fact there have been quite a lot of exploits with vTiger over the years, and there will likely be more – http://www.cvedetails.com/product/6148/Vtiger-Vtiger-Crm.html?vendor_id=3505

I strongly recommend that if you run Elastix (which includes vTiger even if you don’t use it) you either:

  1. Limit access to the web interface of your server to specific IP addresses only, or
  2. If you don’t use vTiger, disable access to the interface by running:

     chmod 000 /var/www/html/vtigercrm
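The two recommendations above can be checked rather than just applied once. The following shell script is an added example, not part of the original post or of Elastix: `vtiger_disabled` verifies that the vTiger directory (the Elastix default path from the post) really has mode 000, which is worth re-running after any update that may restore permissions, and `vtiger_scanners` lists the clients that requested anything under /vtigercrm/ and are not on your IP allow list. It assumes Apache's combined access-log format and that vTiger is served under the /vtigercrm/ URL prefix; the sample log lines are constructed and use documentation addresses.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: the directory
# path follows the post's "chmod 000 /var/www/html/vtigercrm"; the log is in
# Apache combined format; vTiger is reachable under the /vtigercrm/ prefix.

# Return 0 when DIR exists and its permission mode is 000 (disabled with
# "chmod 000"), 1 otherwise. GNU stat is tried first, then BSD stat.
vtiger_disabled() {
    dir=$1
    [ -d "$dir" ] || return 1
    mode=$(stat -c '%a' "$dir" 2>/dev/null || stat -f '%Lp' "$dir")
    [ "$mode" = "0" ] || [ "$mode" = "000" ]
}

# Print one "count ip" line, highest count first, for every client that
# requested a path under /vtigercrm/ and is NOT in the space-separated allow
# list given as the second argument. Requests from allowed addresses are
# expected; anything else is a scan candidate to look at.
vtiger_scanners() {
    logfile=$1
    allow=$2
    awk -v allow="$allow" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # $1 is the client address, $7 the request path in combined format
        $7 ~ /^\/vtigercrm\// && !($1 in ok) { hits[$1]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$logfile" | sort -rn
}

# Stand-alone run against the real Elastix locations (both are assumptions).
if [ "${0##*/}" = "vtiger_audit.sh" ]; then
    if vtiger_disabled /var/www/html/vtigercrm; then
        echo "vtigercrm directory is disabled (mode 000)"
    else
        echo "WARNING: vtigercrm directory is still accessible"
    fi
    vtiger_scanners /var/log/httpd/access_log "${ALLOWED_IPS:-}"
fi
```

Run it as `vtiger_audit.sh` with `ALLOWED_IPS="203.0.113.1 203.0.113.2"` set to your management addresses; a non-empty list of scanners from an Elastix box that is supposed to be reachable only from those addresses means the IP restriction in recommendation 1 is not actually in place.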