[asterisk-bugs] [Asterisk 0017908]: [patch] MeetMe PIN handling broken
Asterisk Bug Tracker
noreply at bugs.digium.com
Mon Sep 20 19:00:24 CDT 2010
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=17908
======================================================================
Reported By: kuj
Assigned To: bbryant
======================================================================
Project: Asterisk
Issue ID: 17908
Category: Applications/app_meetme
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Target Version: 1.4.38
Asterisk Version: 1.4.35
JIRA: SWP-2123
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 2010-08-24 20:35 CDT
Last Modified: 2010-09-20 19:00 CDT
======================================================================
Summary: [patch] MeetMe PIN handling broken
Description:
The handling of PINs in app_meetme is broken. Users are prompted for PINs
that don't exist, and regular users can gain conference admin privileges
without a conference's admin PIN.
======================================================================
Relationships ID Summary
----------------------------------------------------------------------
related to 0015704 [patch] MeetMe privilege escalation in ...
======================================================================
----------------------------------------------------------------------
(0127170) svnbot (reporter) - 2010-09-20 19:00
https://issues.asterisk.org/view.php?id=17908#c127170
----------------------------------------------------------------------
Repository: asterisk
Revision: 287760
_U branches/1.8/
U branches/1.8/apps/app_meetme.c
------------------------------------------------------------------------
r287760 | bbryant | 2010-09-20 19:00:24 -0500 (Mon, 20 Sep 2010) | 30
lines
Merged revisions 287759 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.6.2
................
r287759 | bbryant | 2010-09-20 19:58:26 -0400 (Mon, 20 Sep 2010) | 23
lines
Merged revisions 287758 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.4
........
r287758 | bbryant | 2010-09-20 19:57:08 -0400 (Mon, 20 Sep 2010) | 16
lines
Fix misvalidation of meetme pins in conjunction with the 'a' MeetMe
flag.
When using the 'a' MeetMe flag and having a user and admin pin setup
for your
conference, using the user pin would gain you admin priviledges. Also,
when no
user pin was set, an admin pin was, the 'a' MeetMe flag wasn't used,
and the
user tried to enter a conference then they were still prompted for a
pin and
forced to hit #.
(closes issue https://issues.asterisk.org/view.php?id=17908)
Reported by: kuj
Patches:
pins_2.patch uploaded by kuj (license 1111)
Tested by: kuj
Review: [full review board URL with trailing slash]
........
................
------------------------------------------------------------------------
http://svn.digium.com/view/asterisk?view=rev&revision=287760
Issue History
Date Modified Username Field Change
======================================================================
2010-09-20 19:00 svnbot Checkin
2010-09-20 19:00 svnbot Note Added: 0127170
======================================================================
More information about the asterisk-bugs
mailing list