Author: bebuild
Date: Thu Nov 20 11:12:18 2014
New Revision: 428448

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428448
Log:
Merge 428334 for AST-2014-017

Modified:
    tags/12.7.1/   (props changed)
    tags/12.7.1/ChangeLog
    tags/12.7.1/apps/app_confbridge.c

Propchange: tags/12.7.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 11:12:18 2014
@@ -1,1 +1,1 @@
-/branches/12:427382,428301,428304,428333,428409,428422
+/branches/12:427382,428301,428304,428333-428334,428409,428422

Modified: tags/12.7.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/12.7.1/ChangeLog?view=diff&rev=428448&r1=428447&r2=428448
==============================================================================
--- tags/12.7.1/ChangeLog (original)
+++ tags/12.7.1/ChangeLog Thu Nov 20 11:12:18 2014
@@ -52,6 +52,25 @@
 
          ASTERISK-24528 #close
          Reported by: Joshua Colp
+
+       * AST-2014-017 - app_confbridge: permission escalation/ class
+         authorization.
+
+         Confbridge dialplan function permission escalation via AMI and
+         inappropriate class authorization on the ConfbridgeStartRecord action.
+         The CONFBRIDGE dialplan function when executed from an external
+         protocol (for instance AMI), could result in a privilege escalation.
+         Also, the AMI action “ConfbridgeStartRecord” could also be used to
+         execute arbitrary system commands without first checking for system
+         access.
+
+         Asterisk now inhibits the CONFBRIDGE function from being executed
+         from an external interface if the live_dangerously option is set to
+         no. Also, the “ConfbridgeStartRecord” AMI action is now only 
allowed
+         to execute under a user with system level access.
+
+         ASTERISK-24490
+         Reported by: Gareth Palmer
 
        * AST-2014-018 - func_db: DB Dialplan function permission escalation
          via AMI.
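Review bot: the new AST-2014-017 entry references ASTERISK-24490 without the `#close` marker that the preceding ASTERISK-24528 entry carries, so the tracker issue will not be closed automatically; add `#close` if that is the intent. The paragraph also repeats itself ("Also, the AMI action ... could also be used") and wraps ConfbridgeStartRecord in typographic quotes (“ ”), where plain ASCII quotes are safer in a text ChangeLog and match the identifier as it appears in the code.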

Modified: tags/12.7.1/apps/app_confbridge.c
URL: http://svnview.digium.com/svn/asterisk/tags/12.7.1/apps/app_confbridge.c?view=diff&rev=428448&r1=428447&r2=428448
==============================================================================
--- tags/12.7.1/apps/app_confbridge.c (original)
+++ tags/12.7.1/apps/app_confbridge.c Thu Nov 20 11:12:18 2014
@@ -3357,7 +3357,7 @@
 
        res |= ast_register_application_xml(app, confbridge_exec);
 
-       res |= ast_custom_function_register(&confbridge_function);
+       res |= ast_custom_function_register_escalating(&confbridge_function, 
AST_CFE_WRITE);
        res |= ast_custom_function_register(&confbridge_info_function);
 
        res |= ast_cli_register_multiple(cli_confbridge, 
ARRAY_LEN(cli_confbridge));
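Review bot: only the write side of CONFBRIDGE is marked as escalating (AST_CFE_WRITE), while confbridge_info_function on the following line is still registered through plain ast_custom_function_register. If the info function is read-only that is fine, but a short comment next to the registration stating why writes need the escalation flag and reads do not would help the next reader, since the ChangeLog only says the function is blocked from external interfaces when live_dangerously is set to no.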
@@ -3369,7 +3369,7 @@
        res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, 
action_confbridgekick);
        res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, 
action_confbridgeunlock);
        res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, 
action_confbridgelock);
-       res |= ast_manager_register_xml("ConfbridgeStartRecord", 
EVENT_FLAG_CALL, action_confbridgestartrecord);
+       res |= ast_manager_register_xml("ConfbridgeStartRecord", 
EVENT_FLAG_SYSTEM, action_confbridgestartrecord);
        res |= ast_manager_register_xml("ConfbridgeStopRecord", 
EVENT_FLAG_CALL, action_confbridgestoprecord);
        res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", 
EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc);
        if (res) {
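Review bot: ConfbridgeStartRecord is raised to EVENT_FLAG_SYSTEM, but ConfbridgeStopRecord two lines below still registers with EVENT_FLAG_CALL, so a CALL-privileged AMI user can stop a recording that only a SYSTEM-privileged user may start. Either raise both actions to the same privilege or document why stopping is considered harmless. The action's documentation should also be updated to state the new system-level requirement that the ChangeLog entry describes.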



svn-commits mailing list