[asterisk-bugs] [Asterisk 0015704]: [patch] MeetMe privilege escalation in password query
Asterisk Bug Tracker
noreply at bugs.digium.com
Tue Jun 29 18:01:21 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=15704
======================================================================
Reported By: modelnine
Assigned To: jpeeler
======================================================================
Project: Asterisk
Issue ID: 15704
Category: Applications/app_meetme
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
Asterisk Version: 1.6.1.2
JIRA: SWP-1758
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2009-08-12 15:43 CDT
Last Modified: 2010-06-29 18:01 CDT
======================================================================
Summary: [patch] MeetMe privilege escalation in password
query
Description:
Due to invalid checking in the conference pin query of the MeetMe
application, a user can enter a conference as administrator when the "a"
flag is set in the MeetMe() call from the dial-plan and the user only knows
the user pin (which of course might be empty).
This stems from the fact that confflags is set to contain the ADMIN flag
by the "a" option, but this is not handled separately in the testing code
for checking the pin (i.e., the ADMIN flag is not reset or the
authentication rejected when the user doesn't enter the admin, but the user
pin).
The attached patch fixes the issue for conferences which have an empty
user-pin (which is the only reasonable assumption I could find for actually
giving the "a" flag on the MeetMe() commandline); reworking the patch to
fix the issue in the general case (i.e., if "a" is specified, only admins
may enter) is simple.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0015707 [patch] Passing the mute flag to MeetMe...
======================================================================
----------------------------------------------------------------------
(0124055) jpeeler (administrator) - 2010-06-29 18:01
https://issues.asterisk.org/view.php?id=15704#c124055
----------------------------------------------------------------------
Ok, after looking way back to issue https://issues.asterisk.org/view.php?id=2387
trying to figure out the best way
to handle this I've changed:
conf => 2345,5555 : didn't prompt for pin with 'a' option, now does
conf => 2345,,6666 : didn't prompt for pin without 'a' option, now does
This seems to make the most sense to me.
Issue History
Date Modified Username Field Change
======================================================================
2010-06-29 18:01 jpeeler Note Added: 0124055
======================================================================
More information about the asterisk-bugs
mailing list