[asterisk-bugs] [Asterisk 0018787]: [patch] Security issue in originate, system permission bypassed if using async
Asterisk Bug Tracker
noreply at bugs.digium.com
Thu Feb 10 15:52:45 CST 2011
A NOTE has been added to this issue.
======================================================================
https://issues.asterisk.org/view.php?id=18787
======================================================================
Reported By: kobaz
Assigned To:
======================================================================
Project: Asterisk
Issue ID: 18787
Category: Core/ManagerInterface
Reproducibility: always
Severity: trivial
Priority: normal
Status: new
Asterisk Version: 1.4.39.1
JIRA:
Regression: No
Reviewboard Link:
SVN Branch (only for SVN checkouts, not tarball releases): N/A
SVN Revision (number only!):
Request Review:
======================================================================
Date Submitted: 2011-02-10 15:33 CST
Last Modified: 2011-02-10 15:52 CST
======================================================================
Summary: [patch] Security issue in originate, system
permission bypassed if using async
Description:
If someone uses the async option in originate, the checks for executing
system commands are not done.
======================================================================
----------------------------------------------------------------------
(0131830) kobaz (developer) - 2011-02-10 15:52
https://issues.asterisk.org/view.php?id=18787#c131830
----------------------------------------------------------------------
Patch for 1.6.0, same changes need to be done on 1.6.1/1.6.2/1.8 and trunk.
Testers needed.
Issue History
Date Modified Username Field Change
======================================================================
2011-02-10 15:52 kobaz Note Added: 0131830
======================================================================
More information about the asterisk-bugs
mailing list