COMPLETE - script for security problem Cron User

Postby speed » Tue Oct 27, 2009 5:47 pm

Started from here.

http://www.eflo.net/VICIDIALforum/viewt ... 22934e89b8

We need a script which can change all standard passwords into new passwords.

The cron user is a big security problem.

I donate 100 $ for this script.

Thx Speed
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Postby okli » Mon Nov 02, 2009 9:19 pm

Here you go:

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

Please let me know if anything needs to be polished or fixed.
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

Postby okli » Tue Dec 29, 2009 8:53 pm

Follow up- after a reminder more than a month ago, Speed still hasn't gotten back to me, neither with results from testing, nor with payment.
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

money is sent

Postby speed » Sun Jan 03, 2010 6:09 am

Money is sent!!
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Postby okli » Sun Jan 03, 2010 1:48 pm

Thanks.
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

Postby Op3r » Mon Jan 04, 2010 1:01 pm

One thing though is that if the cron password for mysql is the same as the cron password of the manager.conf it is still vulnerable.

I tested this and it worked
Get paid for US outbound Toll Free calls. PM me.
Op3r
 
Posts: 1432
Joined: Wed Jun 07, 2006 7:53 pm
Location: Manila
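The reuse Op3r describes in the post above can be checked for after the passwords have been changed. This is an added example, not part of the thread and not the script attached on Mantis: it parses text in manager.conf syntax and flags manager accounts whose secret equals the MySQL cron password or is still one of the old standard passwords. The function names, the account names other than `sendcron`, and every password value are constructed for illustration.

```python
import re

# Constructed sample in manager.conf syntax; every secret here is made up.
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes

[cron]
secret = constructed-old-pw
read = system,call,log

[sendcron]
secret = constructed-db-pw   ; same value as the MySQL cron user
write = command

[listencron]
secret = constructed-unique-pw
"""

def parse_manager_secrets(text):
    """Return {account: secret} for every [section] that has a secret line."""
    secrets, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and section and key.strip().lower() == "secret":
            secrets[section] = value.lstrip(">").strip()
    return secrets

def audit_manager_secrets(text, db_password, old_passwords=()):
    """List (account, problem) pairs for reused or unchanged secrets."""
    findings = []
    for account, secret in parse_manager_secrets(text).items():
        if secret in old_passwords:
            findings.append((account, "unchanged standard password"))
        if secret == db_password:
            findings.append((account, "same as MySQL cron password"))
    return findings

if __name__ == "__main__":
    for account, problem in audit_manager_secrets(
            SAMPLE_MANAGER_CONF, "constructed-db-pw", {"constructed-old-pw"}):
        print(f"[{account}] {problem}")
```

On a real server the text would come from `/etc/asterisk/manager.conf`, and the MySQL password would be supplied by the administrator running the check.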

Postby speed » Mon Jan 25, 2010 9:38 am

Hello,

I tested it now, but have problems here.

After the script I had an error...


== Manager 'sendcron' logged on from 127.0.0.1
-- Got SIP response 488 "Not Acceptable Here" back from 85.238.171.54
> Channel SIP/102-081d3e78 was never answered.
Jan 25 15:29:00 WARNING[12281]: cdr.c:566 ast_cdr_disposition: Cause not handled
== Parsing '/etc/asterisk/manager.conf': Found
== Manager 'sendcron' logged on from 127.0.0.1


I don't know why?

Does anyone know more about this?

thx
speed
 
Posts: 71
Joined: Wed Apr 01, 2009 2:25 pm

Postby okli » Wed Jan 27, 2010 11:54 pm

Hi, sorry for late reply, I am on vacation for another few days.

At first sight I can't see why the script led to the message you are getting.

Is there any update on this issue?
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

Hi

Postby iamjerson » Fri Feb 12, 2010 5:12 pm

Hi Okli, I want to test the script but I am receiving a Permission Denied.

I am logged in as root.

Any ideas why this happens?
iamjerson
 
Posts: 2
Joined: Tue Apr 14, 2009 8:43 am

Postby okli » Fri Feb 12, 2010 5:31 pm

Is it multi-server install? You will get that on all servers but the DB one with default MySQL settings, which is safe and normal, if the error comes from MySQL.

If it is not multi-server- can you post the full output, when you run the script with --debug option?
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

thanks

Postby brett05 » Fri Feb 12, 2010 6:03 pm

I have a cron security for multiserver.
If you need it I can share.
Jasperreports & Queuemetrics & SugarCRM integration - Customization and Add-ons
Freepbx||Billing||Centos||Opensuse||Debian||Centos||Fedora||Sangoma||Diguim
brett05
 
Posts: 571
Joined: Sun May 24, 2009 5:48 pm
Location: tunisia

Postby okli » Sun Feb 28, 2010 1:52 pm

This would be interesting to share, would you mind uploading it to Mantis and posting a link here?
okli
 
Posts: 671
Joined: Mon Oct 01, 2007 5:09 pm

Postby Op3r » Sun Apr 04, 2010 12:20 pm

Added the ability to change the cron mysql user on the database.

http://www.vicidial.org/VICIDIALmantis/view.php?id=247
Get paid for US outbound Toll Free calls. PM me.
Op3r
 
Posts: 1432
Joined: Wed Jun 07, 2006 7:53 pm
Location: Manila

Re: COMPLETE - script for security problem Cron User

Postby mav2287 » Sun Jun 29, 2014 8:07 pm

Does anyone know if this still works with the most current version of VICIdial?
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

