QwikSec

Security Database

CVE

CWE

Training

CVE-2007-6424

Published: Dec 18, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[VOIPSEC] 20071219 trixbox vuln (CVE-2007-6424) - PoC exploit code

mailing-list

x_refsource_MLIST

[VOIPSEC] 20071216 Trixbox Arbitrary Command Execution Vulnerability

mailing-list

x_refsource_MLIST

[VOIPSEC] 20071219 trixbox vulnerability fluff

mailing-list

x_refsource_MLIST

http://www.trixbox.org/forums/trixbox-forums/open-discussion/trixbox-phones-home

x_refsource_MISC

http://voipsa.org/blog/2007/12/17/trixbox-contains-phone-home-code-to-retrieve-arbitrary-commands-to-execute/

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

http://www.superunknown.org/pivot/entry.php?id=15

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.