Any network service could potentially harbor a buffer overflow, etc. that could result in remote command execution. Provided someone finds a similar bug and it's exploitable, they would theoretically be able to spawn a shell with the same rights as Asterisk. Generally, it's better to run services as nobody. I would be hesitant to allow management of VPNs from within Asterisk.
Check out this link: http://mixter.void.ru/exploit.html

It's a basic tutorial on writing shell code for buffer overflows. The basic idea is you find some condition where you can cause the application to seg fault and if you are lucky, it will allow you to write your shell code to memory, gain control of the stack pointer, and make your shell code run. These types of exploits have to be tailored to specific OSes and architectures. Shellcode that works on a BSD system will not work on Solaris or Redhat, etc. Generally you can reuse the delivery code by swapping out the shell code for whatever you are attacking.

I'm not stating these currently exist in Asterisk, but theoretically it is likely and we just don't know about it yet. Prudence suggests that we don't help the hackers any more than we have to in case they find it first. I think it would be really difficult to lock down VPN if Asterisk manages its operation. Asterisk would have to have execution rights to the VPN binaries or an intermediate script at the very least.

Just my 2 cents.

--------------------------------------------------
Salvatore Giudice
[EMAIL PROTECTED]
VoIP Security Training, LLC
http://VoIPSecurityTraining.com
848 N. Rainbow Blvd. #1676
Las Vegas, NV 89107
Phone: (617) 959-7625
Fax: (214) 279-2906

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kai-Uwe Jensen
Sent: Wednesday, May 02, 2007 8:13 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] VPN between Asterisk server and phone client

On 5/2/07, Salvatore Giudice <[EMAIL PROTECTED]> wrote:
> If you run it on the fly, doesn't that mean that the Asterisk user will have
> permissions to configure VPNs? Nobody sees a problem with that? I'm thinking
> that if you knock over the Asterisk service and get shell execution rights
> as Asterisk, you could be able to start tunnels for things other than voice.
> It's like giving a hacker a great way to hide their activities from your IDS
> without having to bother to get root first to install an encrypted data
> pipe.

That's true, the asterisk user needs to be able to invoke the "start_vpn" script or program. That does not mean that the asterisk user will have to have superuser rights to configure VPNs. You could make the start_vpn program setuid to a user that has those rights (and in that case, you probably don't want start_vpn to be a script). Also, openvpn typically starts "predefined" VPNs. To define a new one, someone would have to have access to the file system.

When you say "knock over the Asterisk service and get shell execution rights", how would that happen, exactly? I can think of DoS attacks and other stuff, but am wondering how "knocking over Asterisk" will give someone shell execution rights?

As I said above, you would want to make the function to start a VPN connection as safe as possible. That would include NOT using scripts, and employing other verification methods.

_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
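
Added example, not part of the original thread and not code from either poster: a sketch in C of the kind of compiled "start_vpn" helper discussed above, which only starts predefined tunnels and passes nothing from the caller to openvpn except an allowlisted config path. The binary path, config directory and tunnel names are assumptions made for illustration.

```c
/* start_vpn.c: constructed sketch of a compiled helper that starts only
 * predefined tunnels. Paths and tunnel names below are assumptions. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define OPENVPN_BIN "/usr/sbin/openvpn"   /* assumed install location */
#define CONFIG_DIR  "/etc/openvpn"        /* assumed config directory */

/* Hypothetical predefined tunnels; the caller can pick one, never define one. */
static const char *const ALLOWED[] = { "phones-site-a", "phones-site-b" };

/* Return the fixed config path for an allowlisted tunnel name, or NULL.
 * The path is built from the table entry, not from the caller's string,
 * so "../" sequences, shell metacharacters and extra options cannot pass. */
const char *config_for(const char *name)
{
    static char path[128];
    if (name == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof ALLOWED / sizeof ALLOWED[0]; i++) {
        if (strcmp(name, ALLOWED[i]) == 0) {
            snprintf(path, sizeof path, "%s/%s.conf", CONFIG_DIR, ALLOWED[i]);
            return path;
        }
    }
    return NULL;
}

int main(int argc, char **argv)
{
    const char *cfg = (argc == 2) ? config_for(argv[1]) : NULL;
    if (cfg == NULL) {
        fprintf(stderr, "start_vpn: unknown tunnel\n");
        return 2;
    }
    /* Fixed argument vector and a minimal environment: no shell is involved
     * and nothing inherited from the Asterisk process reaches openvpn. */
    char *const args[] = { (char *)OPENVPN_BIN, (char *)"--config",
                           (char *)cfg, (char *)"--daemon", NULL };
    char *const envp[] = { (char *)"PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    execve(OPENVPN_BIN, args, envp);
    perror("start_vpn: execve");          /* reached only if execve fails */
    return 1;
}
```

A helper like this limits what a compromised Asterisk account can start to the tunnels in the table; it does not address the separate concern raised in the thread about what traffic those tunnels then carry.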