[asterisk-bugs] [Asterisk 0017908]: [patch] MeetMe PIN handling broken

Asterisk Bug Tracker noreply at bugs.digium.com
Mon Sep 20 18:57:10 CDT 2010


The following issue has been RESOLVED. 
====================================================================== 
https://issues.asterisk.org/view.php?id=17908 
====================================================================== 
Reported By:                kuj
Assigned To:                bbryant
====================================================================== 
Project:                    Asterisk
Issue ID:                   17908
Category:                   Applications/app_meetme
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     resolved
Target Version:             1.4.38
Asterisk Version:           1.4.35 
JIRA:                       SWP-2123 
Regression:                 No 
Reviewboard Link:            
SVN Branch (only for SVN checkouts, not tarball releases): N/A 
SVN Revision (number only!):  
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             2010-08-24 20:35 CDT
Last Modified:              2010-09-20 18:57 CDT
====================================================================== 
Summary:                    [patch] MeetMe PIN handling broken
Description: 
The handling of PINs in app_meetme is broken. Users are prompted for PINs
that don't exist, and regular users can gain conference admin privileges
without a conference's admin PIN.
======================================================================
Relationships       ID      Summary
----------------------------------------------------------------------
related to          0015704 [patch] MeetMe privilege escalation in ...
====================================================================== 

---------------------------------------------------------------------- 
 (0127168) svnbot (reporter) - 2010-09-20 18:57
 https://issues.asterisk.org/view.php?id=17908#c127168 
---------------------------------------------------------------------- 
Repository: asterisk
Revision: 287758

U   branches/1.4/apps/app_meetme.c

------------------------------------------------------------------------
r287758 | bbryant | 2010-09-20 18:57:08 -0500 (Mon, 20 Sep 2010) | 16 lines

Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe flag.

When using the 'a' MeetMe flag and having a user and admin pin set up for your
conference, using the user pin would gain you admin privileges. Also, when no
user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used, and the
user tried to enter a conference, then they were still prompted for a pin and
forced to hit #.

(closes issue https://issues.asterisk.org/view.php?id=17908)
Reported by: kuj
Patches:
      pins_2.patch uploaded by kuj (license 1111)
      Tested by: kuj

      Review: [full review board URL with trailing slash]

------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=287758 

Issue History 
Date Modified    Username       Field                    Change               
====================================================================== 
2010-09-20 18:57 svnbot         Checkin                                      
2010-09-20 18:57 svnbot         Note Added: 0127168                          
2010-09-20 18:57 svnbot         Status                   ready for testing => assigned
2010-09-20 18:57 svnbot         Status                   assigned => resolved
2010-09-20 18:57 svnbot         Resolution               open => fixed       
======================================================================



