[asterisk-bugs] [Asterisk 0017908]: [patch] MeetMe PIN handling broken
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Sep 20 18:57:09 CDT 2010
The following issue has been ASSIGNED.
======================================================================
https://issues.asterisk.org/view.php?id=17908
======================================================================
Reported By: kuj
Assigned To: bbryant
======================================================================
Project: Asterisk
Issue ID: 17908
Category: Applications/app_meetme
Reproducibility: always
Severity: minor
Priority: normal
Status: assigned
Target Version: 1.4.38
Asterisk Version: 1.4.35
JIRA: SWP-2123
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2010-08-24 20:35 CDT
Last Modified: 2010-09-20 18:57 CDT
======================================================================
Summary: [patch] MeetMe PIN handling broken
Description:
The handling of PINs in app_meetme is broken. Users are prompted for PINs
that don't exist, and regular users can gain conference admin privileges
without a conference's admin PIN.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0015704 [patch] MeetMe privilege escalation in ...
======================================================================
----------------------------------------------------------------------
(0127168) svnbot (reporter) - 2010-09-20 18:57
https://issues.asterisk.org/view.php?id=17908#c127168
----------------------------------------------------------------------
Repository: asterisk
Revision: 287758
U branches/1.4/apps/app_meetme.c
------------------------------------------------------------------------
r287758 | bbryant | 2010-09-20 18:57:08 -0500 (Mon, 20 Sep 2010) | 16 lines
Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe flag.
When using the 'a' MeetMe flag and having a user and admin pin setup for your
conference, using the user pin would gain you admin privileges. Also, when no
user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used, and the
user tried to enter a conference then they were still prompted for a pin and
forced to hit #.
(closes issue https://issues.asterisk.org/view.php?id=17908)
Reported by: kuj
Patches:
pins_2.patch uploaded by kuj (license 1111)
Tested by: kuj
Review: [full review board URL with trailing slash]
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=287758
Issue History
Date Modified Username Field Change
======================================================================
2010-09-20 18:57 svnbot Checkin
2010-09-20 18:57 svnbot Note Added: 0127168
2010-09-20 18:57 svnbot Status ready for testing => assigned
======================================================================