[asterisk-commits] r415832 - svn:log

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Jun 12 10:35:03 CDT 2014


Author: jrose
Revision: 415832
Modified property: svn:log

Modified: svn:log at Thu Jun 12 10:35:03 2014
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Thu Jun 12 10:35:03 2014
@@ -1,7 +1,15 @@
-MixMonitor: Add privelege requirements to Start/Stop MixMonitor AMI commands
+MixMontior: Add class authorization requirements to MixMonitor AMI commands
+
+MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
+authorization. StopMixMonitor now requires that the manager user either have
+the call or system class authorization. StartMixMonitor is a slightly larger
+issue since it can execute shell commands if the right arguments are passed
+into it, and we consider this a permission escalation. A security release
+will be issued for problem this shortly.
 
 ASTERISK-23609 #close
 Reported by: Corey Farrell
+
 ........
 
 Merged revisions 415825 from http://svn.asterisk.org/svn/asterisk/branches/11
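Review bot: The revised log names the required classes for StopMixMonitor (call or system) but, in the added paragraph, never says which class StartMixMonitor now requires, even though that is the command described as able to execute shell commands. State the required class there so administrators can audit manager user authorizations from the log alone. The new subject line also misspells the application as "MixMontior", which hides this revision from searches for "MixMonitor", and the closing sentence has transposed words: "for problem this shortly" should read "for this problem shortly".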
