[asterisk-commits] r415825 - svn:log
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Jun 12 10:31:16 CDT 2014
Author: jrose
Revision: 415825
Modified property: svn:log
Modified: svn:log at Thu Jun 12 10:31:16 2014
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Thu Jun 12 10:31:16 2014
@@ -1,4 +1,11 @@
-MixMonitor: Add privelege requirements to Start/Stop MixMonitor AMI commands
+MixMonitor: Add class authorization requirements to MixMonitor AMI commands
+
+MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
+authorization. StopMixMonitor now requires that the manager user either have
+the call or system class authorization. StartMixMonitor is a slightly larger
+issue since it can execute shell commands if the right arguments are passed
+into it, and we consider this a permission escalation. A security release
+will be issued for problem this shortly.
ASTERISK-23609 #close
Reported by: Corey Farrell
More information about the asterisk-commits
mailing list