The FreePBX development team are advising of a security issue affecting all current installs of FreePBX based on CentOS.
This from Tony Lewis at Schmooze Communications –
“I think you need to evaluate your version of php and apache for exploits as we have spent countless hours on FreePBX Support the past week with customers from PBXiaF, Trixbox, Elastix, AsteriskNow and yes the FreePBX Distro who have been hacked from these exploits. We rolled an upgrade today that patches the exploits in 3 different packages.
Neither CentOS 5.5, 5.6 nor 6.0 has a version of Apache that closes this exploit.”
At this time I have no further information and suggest you check the PIAF forum – or FreePBX forum – for more information.
UPDATE – 11/8/2011
Unfortunately, from all the information that I’ve read, none of it points to the method used to compromise the servers discussed in the posts above. The outcome I’ve seen many times (doing sys admin work for people) – the compromised box is used to scan for other servers with vulnerabilities.
This is just a guess but I would assume they did not get root access to the box. Most of the servers that I’ve seen that have been root compromised have had a root kit, or other back door installed, and updating Apache / PHP would not prevent them having access to the box.
It’s likely that the user that was running the Apache process was compromised, allowing uploaded scripts to be executed locally.
The advice remains the same, though: where at all possible, do not allow general access to your web server ports.
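One way to follow that advice on a CentOS 5/6 host, as an added example that is not code from the original post or from the FreePBX project: limit the web ports to an administrative network with iptables, printing the rules for review before applying them. The admin network (`ADMIN_CIDR`), the port list and the rule layout are assumptions for this example.

```shell
#!/bin/sh
# Added example, not code from the original post or from the FreePBX project:
# limit the PBX web ports (80/443) to an administrative network with iptables
# on a CentOS 5/6 host. ADMIN_CIDR, WEB_PORTS and the rule layout are
# assumptions for this example; adjust them to your own environment.

# Hypothetical defaults; change before use.
ADMIN_CIDR="${ADMIN_CIDR:-192.168.1.0/24}"
WEB_PORTS="${WEB_PORTS:-80 443}"

# Print the iptables commands for the given admin network and ports without
# running them, so the rules can be reviewed first. Both rules are inserted at
# the top of INPUT (ahead of the distro's trailing REJECT-all rule); the DROP is
# emitted first so that, after both insertions, the ACCEPT sits above it.
web_port_rules() {
    cidr="$1"
    shift
    for port in "$@"; do
        echo "iptables -I INPUT 1 -p tcp --dport $port -j DROP"
        echo "iptables -I INPUT 1 -p tcp --dport $port -s $cidr -j ACCEPT"
    done
}

# Apply the rules. Refuses to run unless root and iptables are available, and
# saves the result so it survives a reboot (CentOS 5/6 iptables init script).
apply_web_port_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_web_port_rules: must be run as root" >&2
        return 1
    fi
    if ! command -v iptables >/dev/null 2>&1; then
        echo "apply_web_port_rules: iptables not found" >&2
        return 1
    fi
    # $WEB_PORTS is deliberately unquoted so each port becomes an argument.
    web_port_rules "$ADMIN_CIDR" $WEB_PORTS | sh -e || return 1
    service iptables save
}

# Dry run by default (prints the rules); pass "apply" to enforce them.
if [ "${1:-}" = "apply" ]; then
    apply_web_port_rules
else
    web_port_rules "$ADMIN_CIDR" $WEB_PORTS
fi
```

The script touches only the listed TCP ports, so SIP, SSH and anything else keep their existing rules; after applying, confirm the order with `iptables -L INPUT -n --line-numbers` and make sure the ACCEPT for the admin network sits above the DROP for each port.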
UPDATE – 13/08/11
The original machine in this thread was compromised due to this exploit in phpMyAdmin – http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3055.
As things stand (13/8/11) it looks like the version of phpMyAdmin included in the FreePBX Distro repos is vulnerable. I suggest not installing it, especially if your machine is accessible over the web.
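A short triage script for the two points above, added here as an example and not code from the original post or from the FreePBX project: it reports whether a phpMyAdmin package is present, prints an Apache 2.2 configuration that keeps phpMyAdmin reachable only from an admin network (for anyone who cannot remove it), and lists world-writable PHP files under the document root, the kind of file a compromised web-server user could have dropped (the scenario described in the 11/8 update). The package names, the `PMA_DIR` path, the document root and the admin network are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from the FreePBX project:
# (1) report whether a phpMyAdmin package is installed, (2) print an Apache 2.2
# config that keeps phpMyAdmin off the open web, and (3) list world-writable
# PHP files under the document root, the kind of file a compromised web-server
# user could have dropped. Package names, paths and the admin network below are
# assumptions for this example.

# Hypothetical defaults; change before use.
DOCROOT="${DOCROOT:-/var/www/html}"
ADMIN_CIDR="${ADMIN_CIDR:-192.168.1.0/24}"
PMA_DIR="${PMA_DIR:-/usr/share/phpmyadmin}"

# Returns 0 if a phpMyAdmin RPM is installed, 1 if not, 2 if rpm is unavailable.
# Checks both spellings because repositories differ on the package name.
pma_status() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "pma_status: rpm not available, cannot check" >&2
        return 2
    fi
    for name in phpmyadmin phpMyAdmin; do
        if rpm -q "$name" >/dev/null 2>&1; then
            echo "phpMyAdmin package installed: $(rpm -q "$name")"
            return 0
        fi
    done
    echo "phpMyAdmin package not installed"
    return 1
}

# Print an Apache 2.2 (CentOS 5/6) directory block that denies everyone except
# localhost and the admin network. A typical packaged config allows access from
# anywhere; this is the restricted replacement to drop into /etc/httpd/conf.d/.
pma_lockdown_conf() {
    cidr="$1"
    cat <<EOF
# phpMyAdmin: reachable only from localhost and the admin network
Alias /phpmyadmin $PMA_DIR
<Directory $PMA_DIR>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from $cidr
</Directory>
EOF
}

# List .php files under the docroot that are world-writable and were modified
# within the last N days (default 7). Legitimate web content is rarely
# world-writable, so every hit deserves a look.
find_web_writable_php() {
    root="$1"
    days="${2:-7}"
    find "$root" -type f -name '*.php' -perm -002 -mtime "-$days"
}

# Stand-alone run: package status, suspect files, then the suggested config.
pma_status
if [ -d "$DOCROOT" ]; then
    echo "World-writable PHP files under $DOCROOT modified in the last 7 days:"
    find_web_writable_php "$DOCROOT" 7
fi
echo "Suggested Apache config (review before installing):"
pma_lockdown_conf "$ADMIN_CIDR"
```

The file check is a cheap first pass, not proof of compromise either way: a script uploaded through a web application is usually owned by the Apache user, so on a real host also run `find "$DOCROOT" -user apache -name '*.php'` and compare the results against what the package manager says should be there (`rpm -Va` on CentOS).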
I still have no further information on any other potential exploits.