Weak Permissions in Fonality (previously trixbox Pro) Allow Local Users to Obtain Root Access

Weak Permissions in Fonality (previously trixbox Pro) Allow Local Users to Obtain Root Access

CVE-2016-2363 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.

Learn more about our User Device Pen Test.