
COMPLETE - script for security problem Cron User

Posted: Tue Oct 27, 2009 5:47 pm
by speed
Started from here.

http://www.eflo.net/VICIDIALforum/viewt ... 22934e89b8

We need a script which can change all standard passwords into new passwords.

The cron user is a big security problem.

I donate $100 for this script.

Thx Speed

Posted: Mon Nov 02, 2009 9:19 pm
by okli
Here you go:

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

Please let me know if anything needs to be polished or fixed.

Posted: Tue Dec 29, 2009 8:53 pm
by okli
Follow-up: after a reminder more than a month ago, Speed still hasn't gotten back to me, neither with results from testing nor with payment.

money is sent

Posted: Sun Jan 03, 2010 6:09 am
by speed
Money is sent!!

Posted: Sun Jan 03, 2010 1:48 pm
by okli
Thanks.

Posted: Mon Jan 04, 2010 1:01 pm
by Op3r
One thing though is that if the cron password for mysql is the same as the cron password of the manager.conf it is still vulnerable.

I tested this and it worked
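
The reuse Op3r describes can be checked for directly. This is an added example, not part of the original thread or of the script on Mantis: it lists every manager.conf user whose secret equals the MySQL password, without printing either value. The `VARDB_user`/`VARDB_pass` `key => value` layout of the dialer's DB settings is an assumption, and every name and secret in the sample input is constructed.

```python
import re

# Constructed sample files; every name and secret below is made up.
MANAGER_CONF = """\
[general]
enabled = yes

[cron]
secret = Shared-Example-1 ; same value as the DB password below
read = system,call

[sendcron]
secret = Ami-Only-Example-2
write = call
"""

ASTGUICLIENT_CONF = """\
# assumed 'KEY => value' layout of the dialer's DB settings
VARDB_user => cron
VARDB_pass => Shared-Example-1
"""

def manager_secrets(text):
    """Map each manager.conf [section] to its 'secret' value."""
    secrets, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
        elif section and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "secret":
                secrets[section] = value
    return secrets

def db_credentials(text):
    """Return (user, password) read from 'KEY => value' lines."""
    pairs = dict(re.findall(r"^(\w+)[ \t]*=>[ \t]*(.*?)[ \t]*$", text, re.M))
    return pairs.get("VARDB_user"), pairs.get("VARDB_pass")

def reused_by(manager_text, db_text):
    """Names of AMI users whose secret equals the MySQL password."""
    _, db_pass = db_credentials(db_text)
    if not db_pass:
        return []
    found = manager_secrets(manager_text)
    return sorted(name for name, value in found.items() if value == db_pass)

if __name__ == "__main__":
    for user in reused_by(MANAGER_CONF, ASTGUICLIENT_CONF):
        print(f"AMI user [{user}] shares its secret with the MySQL account")
```

An empty result means no manager.conf user shares the database password; it says nothing about whether either password is still a default.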

Posted: Mon Jan 25, 2010 9:38 am
by speed
Hello,

I tested it now, but there are problems here.

After the script I had an error...


== Manager 'sendcron' logged on from 127.0.0.1
-- Got SIP response 488 "Not Acceptable Here" back from 85.238.171.54
> Channel SIP/102-081d3e78 was never answered.
Jan 25 15:29:00 WARNING[12281]: cdr.c:566 ast_cdr_disposition: Cause not handled
== Parsing '/etc/asterisk/manager.conf': Found
== Manager 'sendcron' logged on from 127.0.0.1


I don't know why?

Does anyone know more about this?

thx

Posted: Wed Jan 27, 2010 11:54 pm
by okli
Hi, sorry for the late reply, I am on vacation for another few days.

At first sight I can't see why the script led to the message you are getting.

Is there any update on this issue?

Hi

Posted: Fri Feb 12, 2010 5:12 pm
by iamjerson
Hi Okli, I want to test the script but I am receiving a Permission Denied.

I am logged in as root.

Any ideas why this happens?

Posted: Fri Feb 12, 2010 5:31 pm
by okli
Is it a multi-server install? You will get that on all servers but the DB one with default MySQL settings, which is safe and normal, if the error comes from MySQL.

If it is not multi-server, can you post the full output when you run the script with the --debug option?

thanks

Posted: Fri Feb 12, 2010 6:03 pm
by brett05
I have a cron security for multiserver.
If you need it I can share.

Posted: Sun Feb 28, 2010 1:52 pm
by okli
This would be interesting to share, would you mind uploading it to Mantis and posting a link here?

Posted: Sun Apr 04, 2010 12:20 pm
by Op3r
Added the ability to change the cron mysql user on the database.

http://www.vicidial.org/VICIDIALmantis/view.php?id=247

Re: COMPLETE - script for security problem Cron User

Posted: Sun Jun 29, 2014 8:07 pm
by mav2287
Does anyone know if this still works with the most current version of VICIdial?