
Recommended VICIdial Security Upgrade Notice: October 2021

Posted: Mon Oct 18, 2021 8:21 am
by mflorell
Please read this carefully as it contains important information regarding the security of your VICIdial system.

Due to the recent discovery of critical security risks in the admin and
agent web interface code, we have rolled out an update to the VICIdial
code-base. These vulnerabilities have been patched and we have added
additional code that further secures the web-facing portions of
VICIdial. Any system that is at SVN revision 3509 or greater already has
these changes (Aug 28, 2021). If your system is below that version, we strongly
recommend that you upgrade VICIdial to address these concerns.

Instructions for how to connect to our public SVN server to get the latest code
are available here: http://wiki.vicidial.org/doku.php?id=svn

You can also find recent snapshots of the svn code available here:
https://www.vicidial.org/svn_trunk_nightly/

If you have a VICIhost account with us, know that we have already upgraded
all servers and there is nothing that needs to be done on your end.

If you have any questions about this notice, please contact us or reply to this post.

Re: Recommended VICIdial Security Upgrade Notice: October 20

Posted: Tue Oct 26, 2021 9:54 am
by SPAMSAM
So what were the vulnerabilities that have been patched? Just asking out of interest.

Re: Recommended VICIdial Security Upgrade Notice: October 20

Posted: Tue Oct 26, 2021 3:18 pm
by mflorell
They were all web page vulnerabilities. A security researcher from Sweden found them and will be publishing more details on the issues in about a month.

Re: Recommended VICIdial Security Upgrade Notice: October 20

Posted: Thu Nov 18, 2021 9:16 am
by mflorell
The security researcher has published their results,
*** LINK REMOVED AT WEBSITE OWNER'S REQUEST ***

Re: Recommended VICIdial Security Upgrade Notice: October 20

Posted: Fri Nov 19, 2021 9:53 am
by carpenox
Something new I've been seeing, Matt:

[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7534 skinny_session: Starting Skinny session from 42.193.16.135
[Nov 19 09:32:25] WARNING[118332]: chan_skinny.c:7598 skinny_session: Skinny packet too large (542393675 bytes), max length(2000 bytes)
[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7650 skinny_session: Skinny Session returned: Success
[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7476 skinny_session_cleanup: Ending Skinny session from unknown at 42.193.16.135

Re: Recommended VICIdial Security Upgrade Notice: October 20

Posted: Fri Nov 19, 2021 7:47 pm
by mflorell
chan_skinny is for OLD Cisco hardphones, I'd suggest disabling the module if you don't have one of those phones.
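
Added example, not part of the thread or of VICIdial/Asterisk: a small Python log check that finds the "Skinny packet too large" warnings shown above and attributes each one to a source address. It assumes the bracketed number after the log level identifies the session, since the warning line itself carries no IP; the function name and the second sample session (192.0.2.10) are constructed for illustration.

```python
import re
from collections import defaultdict

# Line shape taken from the log excerpt posted in this thread:
# [Nov 19 09:32:25] WARNING[118332]: chan_skinny.c:7598 skinny_session: <message>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\[(?P<tid>\d+)\]:\s+"
    r"chan_skinny\.c:\d+\s+\w+:\s+(?P<msg>.*)$"
)
START_RE = re.compile(r"Starting Skinny session from (?P<ip>\S+)")
OVERSIZE_RE = re.compile(r"Skinny packet too large \((?P<size>\d+) bytes\)")

# First four lines are from the post above; the 192.0.2.10 session is constructed.
SAMPLE = """\
[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7534 skinny_session: Starting Skinny session from 42.193.16.135
[Nov 19 09:32:25] WARNING[118332]: chan_skinny.c:7598 skinny_session: Skinny packet too large (542393675 bytes), max length(2000 bytes)
[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7650 skinny_session: Skinny Session returned: Success
[Nov 19 09:32:25] NOTICE[118332]: chan_skinny.c:7476 skinny_session_cleanup: Ending Skinny session from unknown at 42.193.16.135
[Nov 19 09:40:01] NOTICE[118400]: chan_skinny.c:7534 skinny_session: Starting Skinny session from 192.0.2.10
[Nov 19 09:40:02] NOTICE[118400]: chan_skinny.c:7476 skinny_session_cleanup: Ending Skinny session from unknown at 192.0.2.10
"""


def find_oversized_skinny(lines):
    """Return {source_ip: [(timestamp, claimed_size), ...]} for sessions whose
    packet was rejected by chan_skinny as too large."""
    session_ip = {}           # bracketed id -> source IP of the open session
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue          # not a chan_skinny line
        tid, msg = m["tid"], m["msg"]
        start = START_RE.search(msg)
        big = OVERSIZE_RE.search(msg)
        if start:
            session_ip[tid] = start["ip"]
        elif big:
            # The warning has no IP, so look it up via the session's id.
            ip = session_ip.get(tid, "unknown")
            hits[ip].append((m["ts"], int(big["size"])))
        elif msg.startswith("Ending Skinny session"):
            session_ip.pop(tid, None)
    return dict(hits)


if __name__ == "__main__":
    for ip, events in find_oversized_skinny(SAMPLE.splitlines()).items():
        print(ip, events)
```

Sources that show up here on a system with no Skinny phones are unsolicited connections to the module's listener, which is the case the reply above addresses by disabling it.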