Fonality (previously trixbox Pro) 12.6 up to and including 14.1i prior to 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fonality fonality 12.6 |
||
fonality fonality 14.1i |
||
fonality fonality 12.8 |