Author: kharwell
Date: Thu Nov 20 10:30:23 2014
New Revision: 428397

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428397
Log:
AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.
The DB dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Asterisk now inhibits the DB function from being executed from an external interface if the live_dangerously option is set to no. ASTERISK-24534 Reported by: Gareth Palmer patches: submitted by Gareth Palmer (license 5169) ........ Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8 ........ Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11 Modified: certified/branches/11.6/ (props changed) certified/branches/11.6/funcs/func_db.c Propchange: certified/branches/11.6/ ------------------------------------------------------------------------------ Binary property 'branch-11-merged' - no diff available. Modified: certified/branches/11.6/funcs/func_db.c URL: http://svnview.digium.com/svn/asterisk/certified/branches/11.6/funcs/func_db.c?view=diff&rev=428397&r1=428396&r2=428397 ============================================================================== --- certified/branches/11.6/funcs/func_db.c (original) +++ certified/branches/11.6/funcs/func_db.c Thu Nov 20 10:30:23 2014 @@ -351,7 +351,7 @@ { int res = 0; - res |= ast_custom_function_register(&db_function); + res |= ast_custom_function_register_escalating(&db_function, AST_CFE_BOTH); res |= ast_custom_function_register(&db_exists_function); res |= ast_custom_function_register_escalating(&db_delete_function, AST_CFE_READ); res |= ast_custom_function_register(&db_keys_function); -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- svn-commits mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/svn-commits
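Review bot: in the registration block at func_db.c line 351, db_exists_function and db_keys_function are still registered with plain `ast_custom_function_register`, so the live_dangerously check described in the log does not cover them, while reads through db_function are now gated by AST_CFE_BOTH. If reading the database through DB from an external interface counts as an escalation, the log should say why the same kind of read through those two functions does not. Either register them with `ast_custom_function_register_escalating(..., AST_CFE_READ)`, as is already done for db_delete_function, or add a comment above the block stating why they are left unrestricted. A short comment on why db_function needs AST_CFE_BOTH while db_delete_function only needs AST_CFE_READ would also help the next person who adds a function here pick the right flag.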
