[asterisk-commits] bebuild: tag 11.14.1 r428446 - in /tags/11.14.1: ./ apps/
SVN commits to the Asterisk project
asterisk-commits at lists.digium.com
Thu Nov 20 11:10:08 CST 2014
Author: bebuild
Date: Thu Nov 20 11:10:03 2014
New Revision: 428446
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428446
Log:
Merge r428332 for AST-2014-017
Modified:
tags/11.14.1/ (props changed)
tags/11.14.1/ChangeLog
tags/11.14.1/apps/app_confbridge.c
Propchange: tags/11.14.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 11:10:03 2014
@@ -1,1 +1,1 @@
-/branches/11:427381,428299,428363,428417
+/branches/11:427381,428299,428332,428363,428417
Modified: tags/11.14.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/11.14.1/ChangeLog?view=diff&rev=428446&r1=428445&r2=428446
==============================================================================
--- tags/11.14.1/ChangeLog (original)
+++ tags/11.14.1/ChangeLog Thu Nov 20 11:10:03 2014
@@ -26,6 +26,25 @@
ASTERISK-24440 #close
Reported by: Ben Klang
+
+ * AST-2014-017 - app_confbridge: permission escalation/ class
+ authorization.
+
+ Confbridge dialplan function permission escalation via AMI and
+ inappropriate class authorization on the ConfbridgeStartRecord action.
+ The CONFBRIDGE dialplan function when executed from an external
+ protocol (for instance AMI), could result in a privilege escalation.
+ Also, the AMI action âConfbridgeStartRecordâ could also be used to
+ execute arbitrary system commands without first checking for system
+ access.
+
+ Asterisk now inhibits the CONFBRIDGE function from being executed
+ from an external interface if the live_dangerously option is set to
+ no. Also, the âConfbridgeStartRecordâ AMI action is now only allowed
+ to execute under a user with system level access.
+
+ ASTERISK-24490
+ Reported by: Gareth Palmer
* AST-2014-018 - func_db: DB Dialplan function permission escalation
via AMI.
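Review bot: the quotation marks around ConfbridgeStartRecord in the new ChangeLog text (the lines "Also, the AMI action âConfbridgeStartRecordâ could also be used to" and "no. Also, the âConfbridgeStartRecordâ AMI action is now only allowed") have come through as mis-encoded multibyte characters; the rest of the ChangeLog is plain ASCII, so replace them with ordinary double quotes before tagging. Also tidy "permission escalation/ class authorization" to "permission escalation / class authorization" and drop the duplicated "Also ... also" in the first paragraph so the entry reads cleanly.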
Modified: tags/11.14.1/apps/app_confbridge.c
URL: http://svnview.digium.com/svn/asterisk/tags/11.14.1/apps/app_confbridge.c?view=diff&rev=428446&r1=428445&r2=428446
==============================================================================
--- tags/11.14.1/apps/app_confbridge.c (original)
+++ tags/11.14.1/apps/app_confbridge.c Thu Nov 20 11:10:03 2014
@@ -3189,7 +3189,7 @@
ast_log(LOG_ERROR, "Unable to load config. Not loading module.\n");
return AST_MODULE_LOAD_DECLINE;
}
- if ((ast_custom_function_register(&confbridge_function))) {
+ if ((ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE))) {
return AST_MODULE_LOAD_FAILURE;
}
if ((ast_custom_function_register(&confbridge_info_function))) {
@@ -3220,7 +3220,7 @@
res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick);
res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock);
res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock);
- res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord);
+ res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord);
res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord);
res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc);
if (res) {
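Review bot: moving ConfbridgeStartRecord from EVENT_FLAG_CALL to EVENT_FLAG_SYSTEM is the right class given the ChangeLog's description of arbitrary command execution, but it is a behaviour change for any manager.conf user that holds only the "call" write class and invokes this action today; the ChangeLog entry should say explicitly that such users now need the "system" permission, so operators know why the action starts failing after the upgrade. ConfbridgeStopRecord keeps EVENT_FLAG_CALL on the next line; a one-line note in the log that the stop action takes no file or command input and therefore needs no change would make the asymmetry easy to audit later.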