ScopServ Vulnerability CVE-2014-1691 January 26, 2015
Scope:
ScopServ, ScopTEL installations could be vulnerable to CVE-2014-1691.
Description:
Unsanitized variables are passed to the PHP unserialize() function. A
remote attacker could specially craft one of those variables to load and
execute code.
Required Action:
In order to protect a ScopTEL installation from this vulnerability you
must update to scopserv-5.0.0-2, scopserv-core-5.1.0.8.20150126-1 and
scopserv-framework-5.0.0.7.20150126-1, and meet all other dependencies,
including php-pecl-json-1.2.1-5.
Immediate Recommendations:
It is highly recommended to perform a full update on each ScopServ,
ScopTEL installation in order to simplify the upgrade procedure and also
ensure all dependencies are met.
It is also highly recommended to reboot your server after the updates in
order to ensure all services and scripts have been updated.
From the Linux shell, execute (without quotation marks) ‘scopserv_yum update’.
After the updates are completed, execute (without quotation marks) ‘reboot’.
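After the update and reboot, the installed versions can be checked against the minimums listed under Required Action. The script below is an added example, not ScopServ tooling; it assumes the packages are RPMs whose name and version-release are queried with rpm, and its field-by-field numeric comparison is a simplification of rpm's own version ordering (epochs are ignored).

```sh
#!/bin/sh
# Added example, not ScopServ code. Minimums are copied from "Required Action".
REQUIRED="scopserv 5.0.0-2
scopserv-core 5.1.0.8.20150126-1
scopserv-framework 5.0.0.7.20150126-1
php-pecl-json 1.2.1-5"

# num FIELD: print the leading digits of FIELD as a decimal number (0 if none).
num() {
    n=${1%%[!0-9]*}           # drop a non-numeric suffix such as a dist tag
    n=${n#"${n%%[!0]*}"}      # drop leading zeros
    echo "${n:-0}"
}

# cmp_fields A B: print lt, eq or gt, comparing dot-separated fields as integers.
cmp_fields() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=$(num "${a%%.*}"); y=$(num "${b%%.*}")
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        [ "$x" -gt "$y" ] && { echo gt; return; }
        [ "$x" -lt "$y" ] && { echo lt; return; }
    done
    echo eq
}

# vr_ge A B: succeed when version-release A is at least version-release B.
vr_ge() {
    c=$(cmp_fields "${1%-*}" "${2%-*}")                      # version first
    [ "$c" = eq ] && c=$(cmp_fields "${1##*-}" "${2##*-}")   # then release
    [ "$c" != lt ]
}

# check_installed: read "name version-release" lines on stdin, report each
# required package, and return 0 only if all are present and new enough.
check_installed() {
    installed=$(cat); rc=0
    while read -r name min; do
        have=$(printf '%s\n' "$installed" | awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$have" ]; then echo "MISSING  $name (need >= $min)"; rc=1
        elif vr_ge "$have" "$min"; then echo "OK       $name $have"
        else echo "OUTDATED $name $have (need >= $min)"; rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return $rc
}
```

On the server, source the script and run `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' scopserv scopserv-core scopserv-framework php-pecl-json | check_installed`; a non-zero exit status means at least one package is missing or older than the versions this bulletin requires.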