[asterisk-bugs] [JIRA] (ASTERISK-26246) Security: Privilege escalation by AMI adding dialplan extensions.

Joshua Colp (JIRA) noreply at issues.asterisk.org
Mon Aug 15 13:57:56 CDT 2016


     [ https://issues.asterisk.org/jira/browse/ASTERISK-26246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joshua Colp closed ASTERISK-26246.
----------------------------------


> Security: Privilege escalation by AMI adding dialplan extensions.
> -----------------------------------------------------------------
>
>                 Key: ASTERISK-26246
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26246
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Core/ManagerInterface
>    Affects Versions: 13.10.0
>            Reporter: Richard Mudgett
>
> The AMI DialplanExtensionAdd and DialplanExtensionRemove actions are allowed with the AMI SYSTEM class.  These actions really should be made equivalent to the AMI COMMAND class because the add-extension action could be used to gain full access to the machine.  This is a concern because the AMI SYSTEM class allows such normal things as starting a ConfBridge recording, starting MixMonitor recording, and Asterisk database writes.
> Simply add a dialplan extension like below and then call it to trash the attacked machine.
> {noformat}
> exten = 100,1,Set(foo=${SHELL(rm -rf /*)})
> {noformat}
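An added example, not part of the issue report or of Asterisk's own code: a small audit over manager.conf (constructed sample included) that lists AMI accounts holding the system write class without command, which the report above argues should be reviewed as command-level on affected versions. It assumes the usual manager.conf layout of [account] sections with comma-separated read/write class lists and the "key = value" or "key => value" assignment forms.

```python
import re

# Constructed sample manager.conf (not from the issue). The 'monitor' account
# is only meant to start MixMonitor recordings, which needs the 'system' class.
SAMPLE_MANAGER_CONF = """\
[general]
enabled = yes

[monitor]
secret = changeme
deny => 0.0.0.0/0.0.0.0
permit => 127.0.0.1/255.255.255.255
read = system,call,reporting
write = system,call

[admin]
secret = changeme
write = all

[readonly]
secret = changeme
write = call
"""

def parse_manager_conf(text):
    """Return {section: {key: value}}; accepts 'k = v' and 'k => v' lines and
    strips ';' comments. A repeated key keeps its last value, which suffices
    for the single 'write' line examined here."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(';', 1)[0].strip()
        header = re.match(r'^\[(.+?)\]', line)
        kv = re.match(r'^([^=]+?)\s*=>?\s*(.*)$', line)
        if header:
            current = header.group(1)
            sections[current] = {}
        elif kv and current is not None:
            sections[current][kv.group(1).lower()] = kv.group(2).strip()
    return sections

def effective_command_users(sections):
    """Accounts granted 'system' (or 'all') write access but not 'command':
    on affected versions they can add dialplan extensions, so review them as command-level."""
    findings = []
    for name, opts in sections.items():
        classes = {c.strip().lower() for c in opts.get('write', '').split(',')}
        if ('system' in classes or 'all' in classes) and not {'command', 'all'} & classes:
            findings.append(name)
    return findings
```

Run it against a real manager.conf by reading the file into parse_manager_conf; every name it returns is an account whose effective privilege is higher than its write line suggests.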



--
This message was sent by Atlassian JIRA
(v6.2#6252)


