Author: kharwell Date: Thu Nov 20 10:16:46 2014 New Revision: 428344 URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428344 Log: AST-2014-017 - app_confbridge: permission escalation/ class authorization.
Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord” could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed to execute under a user with system level access. ASTERISK-24490 Reported by: Gareth Palmer ........ Merged revisions 428332 from http://svn.asterisk.org/svn/asterisk/branches/11 Modified: certified/branches/11.6/ (props changed) certified/branches/11.6/apps/app_confbridge.c Propchange: certified/branches/11.6/ ------------------------------------------------------------------------------ Binary property 'branch-11-merged' - no diff available. Modified: certified/branches/11.6/apps/app_confbridge.c URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.6/apps/app_confbridge.c?view=diff&rev=428344&r1=428343&r2=428344 ============================================================================== --- certified/branches/11.6/apps/app_confbridge.c (original) +++ certified/branches/11.6/apps/app_confbridge.c Thu Nov 20 10:16:46 2014 @@ -3102,7 +3102,7 @@ ast_log(LOG_ERROR, "Unable to load config. Not loading module.\n"); return AST_MODULE_LOAD_DECLINE; } - if ((ast_custom_function_register(&confbridge_function))) { + if ((ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE))) { return AST_MODULE_LOAD_FAILURE; } if ((ast_custom_function_register(&confbridge_info_function))) { @@ -3133,7 +3133,7 @@ res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick); res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock); res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock); - res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord); + res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord); res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord); res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc); if (res) { -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
