[asterisk-bugs] [JIRA] (ASTERISK-26246) Security: Privilege escalation by AMI adding dialplan extensions.

George Joseph (JIRA) noreply at issues.asterisk.org
Wed Aug 2 10:16:17 CDT 2017


     [ https://issues.asterisk.org/jira/browse/ASTERISK-26246?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

George Joseph updated ASTERISK-26246:
-------------------------------------

    Target Release Version/s: 15.0.0

> Security: Privilege escalation by AMI adding dialplan extensions.
> -----------------------------------------------------------------
>
>                 Key: ASTERISK-26246
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-26246
>             Project: Asterisk
>          Issue Type: Bug
>          Components: Core/ManagerInterface
>    Affects Versions: 13.10.0
>            Reporter: Richard Mudgett
>      Target Release: 13.12.0, 14.1.0, 15.0.0
>
>
> The AMI DialplanExtensionAdd and DialplanExtensionRemove actions are allowed with the AMI SYSTEM class.  These actions really should be made equivalent to the AMI COMMAND class because the add extension could be used to gain full access to the machine.  This is a concern because the AMI SYSTEM class allows such normal things as starting a ConfBridge recording, starting MixMonitor recording, and Asterisk database writes.
> Simply add a dialplan extension like below and then call it to trash the attacked machine.
> {noformat}
> exten = 100,1,Set(foo=${SHELL(rm -rf /*)})
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)
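The report above points at a class boundary: an AMI user holding only the SYSTEM write class can call DialplanExtensionAdd, and a dialplan line such as Set(foo=${SHELL(...)}) turns that into command execution as the Asterisk user. The Python below is an added example, not Asterisk's own code and not part of the JIRA report: it reads an AMI session transcript and flags DialplanExtensionAdd actions whose Application is System/TrySystem or whose ApplicationData expands the SHELL() function. The header names (Action, Context, Extension, Priority, Application, ApplicationData) are assumed from the AMI DialplanExtensionAdd action definition; the transcript is constructed for the demonstration and uses a harmless command rather than the destructive one quoted in the issue.

```python
"""Audit an AMI session transcript for DialplanExtensionAdd actions that
hand out shell execution (the concern raised in ASTERISK-26246).

Added example, not Asterisk project code.  AMI packets are blocks of
"Header: value" lines terminated by a blank line; the header names below
are assumed from the DialplanExtensionAdd action definition.
"""
import re

# Dialplan applications that run an arbitrary command directly.
SHELL_APPS = {"System", "TrySystem"}

# The SHELL() dialplan function, which can be embedded in the argument
# of any application, e.g. Set(foo=${SHELL(id)}).
SHELL_FUNC_RE = re.compile(r"\$\{\s*SHELL\s*\(", re.IGNORECASE)


def parse_ami_actions(transcript):
    """Split a client-to-server AMI transcript into a list of header dicts.

    Blocks are separated by a blank line (CRLF or LF); only blocks that
    carry an Action header are returned, so server responses and events
    in a mixed capture are ignored.
    """
    actions = []
    for block in re.split(r"\r?\n\r?\n", transcript.strip()):
        headers = {}
        for line in block.splitlines():
            if ":" not in line:
                continue
            key, value = line.split(":", 1)
            headers[key.strip()] = value.strip()
        if "Action" in headers:
            actions.append(headers)
    return actions


def is_shell_capable(action):
    """True when a DialplanExtensionAdd would create a command-executing extension."""
    if action.get("Action") != "DialplanExtensionAdd":
        return False
    if action.get("Application", "") in SHELL_APPS:
        return True
    return bool(SHELL_FUNC_RE.search(action.get("ApplicationData", "")))


def audit(transcript):
    """Return the (context, extension, priority) of every flagged addition."""
    return [
        (a.get("Context"), a.get("Extension"), a.get("Priority"))
        for a in parse_ami_actions(transcript)
        if is_shell_capable(a)
    ]


# Constructed transcript (assumed header names; benign command on purpose).
SAMPLE_TRANSCRIPT = (
    "Action: Login\r\nUsername: monitor\r\nSecret: hunter2\r\n\r\n"
    "Action: DialplanExtensionAdd\r\nContext: default\r\nExtension: 99\r\n"
    "Priority: 1\r\nApplication: NoOp\r\nApplicationData: harmless\r\n\r\n"
    "Action: DialplanExtensionAdd\r\nContext: default\r\nExtension: 100\r\n"
    "Priority: 1\r\nApplication: Set\r\nApplicationData: foo=${SHELL(id)}\r\n\r\n"
    "Action: DialplanExtensionAdd\r\nContext: default\r\nExtension: 101\r\n"
    "Priority: 1\r\nApplication: System\r\nApplicationData: id\r\n\r\n"
    "Action: Logoff\r\n\r\n"
)

if __name__ == "__main__":
    for ctx, exten, prio in audit(SAMPLE_TRANSCRIPT):
        print(f"shell-capable extension added: {ctx},{exten},{prio}")
```

Run against a captured AMI session this reports the two additions that matter (extension 100 via SHELL() inside Set, extension 101 via System) and stays quiet about the NoOp one. The check is deliberately narrow: it catches the pattern named in the report, not every way a dialplan can reach the OS, so the real fix is the one the report asks for, requiring the COMMAND class for the extension-editing actions rather than trusting SYSTEM alone.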