Security Issue

(OP)
Incoming external caller can dial *2 (in-call attended transfer) or ## (in-call blind transfer) plus any allowed number and be transferred to that number!

RE: Security Issue

Review the Asterisk Dial Options on the Advanced Settings page. Specifically, you will want to look at the T and the t.

By default these allow transfers and are enabled. Adjust them if you are concerned about an external caller being able to transfer a call.

RE: Security Issue

(OP)
Certain conditions could break follow-me, without those options

RE: Security Issue

We should have this addressed within 48 hours.

RE: Security Issue

(OP)
There is a simple fix but it requires root access!

RE: Security Issue

theislandtech, why don't you describe the simple fix? There could be a way to use it without root access...

RE: Security Issue

(OP)
Works on non E-MetroTel systems

CODE -->

# Dial options used when FreePBX rings an extension (default "Ttr").
# Dropping the capital T removes the calling party's (i.e. the external caller's) ability to transfer.
mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = 'tr' where keyword = 'DIAL_OPTIONS' limit 1"
# Dial options used for outbound trunk calls (default "Tt"), cleared here.
mysql -uroot -ppassw0rd asterisk -e "update freepbx_settings set value = '' where keyword = 'TRUNK_OPTIONS' limit 1"
# Reload the FreePBX dialplan so the new values take effect (short form of: amportal admin reload)
amportal a r

RE: Security Issue

You don't need to have the root access for this change. To do exactly what you described, just open the UCx management GUI and
  • Navigate to PBX - PBX Configuration - Advanced Settings
  • Locate the section "Dialplan and Operational" on that page
  • Change the value of "Asterisk Dial Options" from the default "Ttr" to "tr" (i.e., remove the capital T)
  • Press the checkmark beside "Asterisk Dial Options" to save the modification of this option
  • Change the value of "Asterisk Outbound Trunk Dial Options" from the default "Tt" to "" (i.e., remove the Tt)
  • Press the checkmark beside "Asterisk Outbound Trunk Dial Options" to save the modification of this option
  • Press the pink bar Apply Config at the top of the page to apply these changes
Now, making these changes is NOT a solution/fix. The first change eliminates the security problem, but it also changes the behavior of the system. With this change, users won't be able to use transfer features in various situations. The Find Me/Follow Me feature can also be impacted. I can assure you that many people won't like this change. The second change is for outbound calls - it is significantly less likely that someone would exploit that. I would recommend only the first change as a workaround until a real fix is available. A proper solution is more complicated...
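The reply above says to remove the capital T but not why it matters. The following is an added example (not code from the thread or from FreePBX/E-MetroTel) that spells out the Asterisk Dial() flag semantics the workaround relies on: `T` lets the calling party transfer, `t` lets the called party transfer, and `r` only plays ringback. On an inbound call the external caller is the calling party of the Dial() to the extension, so `T` in DIAL_OPTIONS is what exposes the transfer feature code; on an outbound call the external callee is the called party of the Dial() to the trunk, so `t` in TRUNK_OPTIONS is the exposure there. The default values are the ones quoted in the reply; `harden()` mirrors the thread's workaround values.

```python
# Added example: which external party gains in-call transfer ability from the
# FreePBX DIAL_OPTIONS / TRUNK_OPTIONS strings, based on Asterisk Dial() flags:
#   T - calling party may transfer the call
#   t - called party may transfer the call
#   r - play ringing indication to the caller (no security effect)

DEFAULT_DIAL_OPTIONS = "Ttr"   # FreePBX default for calls ringing an extension (from the thread)
DEFAULT_TRUNK_OPTIONS = "Tt"   # FreePBX default for outbound trunk calls (from the thread)


def external_transfer_exposure(dial_options: str, trunk_options: str) -> dict:
    """Report which *external* parties can invoke a transfer feature code.

    Inbound trunk call -> Dial(SIP/<ext>, ..., dial_options): the external caller
    is the calling party, so 'T' hands the transfer feature to them.
    Outbound call -> Dial(SIP/<trunk>/<number>, ..., trunk_options): the external
    callee is the called party, so 't' hands the transfer feature to them.
    """
    return {
        "inbound_external_caller_can_transfer": "T" in dial_options,
        "outbound_external_callee_can_transfer": "t" in trunk_options,
    }


def harden(dial_options: str, trunk_options: str) -> tuple:
    """Apply the thread's workaround: strip T from the extension dial options and
    strip the transfer flags from the trunk dial options. Other flags (e.g. 'r')
    are kept so only transfer behaviour changes."""
    return (
        dial_options.replace("T", ""),
        trunk_options.replace("T", "").replace("t", ""),
    )


if __name__ == "__main__":
    before = external_transfer_exposure(DEFAULT_DIAL_OPTIONS, DEFAULT_TRUNK_OPTIONS)
    hardened = harden(DEFAULT_DIAL_OPTIONS, DEFAULT_TRUNK_OPTIONS)
    after = external_transfer_exposure(*hardened)
    print("defaults :", before)
    print("hardened :", hardened, after)
```

Note that `harden()` also removes the extension's own ability to transfer calls that came in over a trunk only where the thread's values do (it leaves `t` in DIAL_OPTIONS), which is why the reply warns that Follow Me and other transfer-dependent features can still be affected by the outbound-trunk change.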

RE: Security Issue

(OP)
On non UCX systems in my lab, the GUI options did not give the desired results whereas the cmd line did.

RE: Security Issue

The advanced settings page is used to change values in the freepbx_settings database table - so, the GUI page does exactly what you did, but without the need to understand SQL. I suspect you might have missed the "Press the checkmark beside the option to save the modification".

RE: Security Issue

(OP)
'Fraid not, pressed checkmark and clicked apply.

RE: Security Issue

We have addressed this issue in all three versions of our UCx product line (4.0, 4.5 and the upcoming 5.0)

It took a bit longer to do it correctly, but we feel good about the work we have done to address this.

We have added a TRUE/FALSE control on the Advanced Settings page of the GUI under the Dialplan and Operational section. The field is labeled "Disallow Transfers for Inbound Callers" and it defaults to TRUE, which prevents an external inbound caller from dialing *2.
To override this behavior set this to FALSE.

These fixes will be available through our Software Update later today (April 20, 2016).

RE: Security Issue

emtsupport, will this fix affect any other transfer function?

RE: Security Issue

BTW - if anyone is wondering how the exploit works, here is the scenario:

1. An external caller dials into a FreePBX based system and gets the incoming call answered (by dialing an extension - they would have to guess a valid extension on the system, by going through an IVR to some extension, using a directory, by reaching an operator, etc.)
2. Once the call is answered by an extension on the system (transfer cannot be used otherwise), the external caller presses *2 to invoke the Asterisk Built-in Attended Transfer feature. FreePBX based systems in their default configuration allow external callers to use this feature.
3. When the attended transfer is invoked, the external caller is presented with a dial tone and can dial any external destination allowed by the system.

From the perspective of the receiving party (extension, operator, etc.), they would describe it as - my phone was ringing, I answered and almost immediately I heard music on hold, so I hung up.

The easiest workaround for this security issue is to change the default feature code for Asterisk Built-in Attended Transfer from the default *2 to something else. The caller won't have any idea how to invoke the attended transfer and therefore won't be able to use the feature to make the external call.
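Besides changing the feature code or dial options, an administrator will want to know whether this has already happened on their system. The scenario above leaves a recognisable trace in the CDR: a channel that arrived on an external trunk ends up as the originating channel of a second trunk leg. The following is an added example (not from the thread, FreePBX or E-MetroTel) that scans CDR rows in Asterisk's CSV layout for that trunk-to-trunk pattern. The trunk peer name `SIP/trunk-provider` and the three CDR rows are constructed for the example; how exactly a transferred leg is attributed in the CDR varies by Asterisk version, so treat this as a heuristic to tune against your own records rather than a definitive rule.

```python
import csv
import io

# Assumption: the PBX has one SIP trunk whose channels are named SIP/trunk-provider-<id>.
# Adjust to the peer names that appear in the "channel"/"dstchannel" CDR fields on your system.
TRUNK_PEERS = ("SIP/trunk-provider",)

# Constructed CDR excerpt (not real records) using the standard Asterisk CDR field names.
# Row 1: normal inbound call answered by extension 1001.
# Row 2: the same trunk channel then originates a leg out the trunk to an international
#        number, which is what an external caller's *2 attended transfer looks like.
# Row 3: normal outbound call from extension 1002.
SAMPLE_CDR = """calldate,src,dst,channel,dstchannel,lastapp,duration
2016-04-19 10:01:05,2125550100,1001,SIP/trunk-provider-00000a10,SIP/1001-00000a11,Dial,12
2016-04-19 10:01:21,2125550100,901155512345678,SIP/trunk-provider-00000a10,SIP/trunk-provider-00000a12,Dial,845
2016-04-19 10:15:00,1002,2125550199,SIP/1002-00000a20,SIP/trunk-provider-00000a21,Dial,60
"""


def is_trunk_channel(channel: str, trunk_peers=TRUNK_PEERS) -> bool:
    """True for channel names such as 'SIP/trunk-provider-00000a10'."""
    return any(channel.startswith(peer + "-") for peer in trunk_peers)


def parse_cdr(text: str) -> list:
    """Parse CSV CDR text with a header row into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def find_trunk_to_trunk(rows: list, trunk_peers=TRUNK_PEERS) -> list:
    """Flag CDR rows whose originating AND destination channels are both on a trunk.

    A legitimate inbound call is trunk -> extension and a legitimate outbound call is
    extension -> trunk; a trunk channel originating a second trunk leg is the pattern
    an inbound caller produces when they transfer themselves to an outside number.
    """
    flagged = []
    for row in rows:
        if is_trunk_channel(row["channel"], trunk_peers) and is_trunk_channel(row["dstchannel"], trunk_peers):
            flagged.append({
                "calldate": row["calldate"],
                "caller": row["src"],
                "dialed": row["dst"],
                "inbound_channel": row["channel"],
                "duration": int(row["duration"]),
            })
    return flagged


def audit(text: str = SAMPLE_CDR) -> list:
    """Run the heuristic over CDR CSV text and return the suspicious rows."""
    return find_trunk_to_trunk(parse_cdr(text))


if __name__ == "__main__":
    for hit in audit():
        print(f"{hit['calldate']}: caller {hit['caller']} on {hit['inbound_channel']} "
              f"reached {hit['dialed']} via a second trunk leg ({hit['duration']}s)")
```

On a live system the input would be the `Master.csv` CDR file or an export of the `cdr` table; a long `duration` on a flagged row is the billing impact the thread is warning about.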

RE: Security Issue

No Transfers are impacted, this just restricts what external callers have access to.
