[asterisk-commits] bebuild: tag 13.0.1 r428449 - in /tags/13.0.1: ./ apps/

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Thu Nov 20 11:13:45 CST 2014


Author: bebuild
Date: Thu Nov 20 11:13:42 2014
New Revision: 428449

URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428449
Log:
Merge r428339 for AST-2014-017

Modified:
    tags/13.0.1/   (props changed)
    tags/13.0.1/ChangeLog
    tags/13.0.1/apps/app_confbridge.c

Propchange: tags/13.0.1/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 11:13:42 2014
@@ -1,1 +1,1 @@
-/branches/13:428302,428305,428343,428413,428425
+/branches/13:428302,428305,428339,428343,428413,428425

Modified: tags/13.0.1/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/tags/13.0.1/ChangeLog?view=diff&rev=428449&r1=428448&r2=428449
==============================================================================
--- tags/13.0.1/ChangeLog (original)
+++ tags/13.0.1/ChangeLog Thu Nov 20 11:13:42 2014
@@ -52,6 +52,25 @@
 
 	  ASTERISK-24528 #close
 	  Reported by: Joshua Colp
+
+	* AST-2014-017 - app_confbridge: permission escalation/ class
+	  authorization.
+
+	  Confbridge dialplan function permission escalation via AMI and
+	  inappropriate class authorization on the ConfbridgeStartRecord action.
+	  The CONFBRIDGE dialplan function when executed from an external
+	  protocol (for instance AMI), could result in a privilege escalation.
+	  Also, the AMI action “ConfbridgeStartRecord” could also be used to
+	  execute arbitrary system commands without first checking for system
+	  access.
+
+	  Asterisk now inhibits the CONFBRIDGE function from being executed
+	  from an external interface if the live_dangerously option is set to
+	  no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed
+	  to execute under a user with system level access.
+
+	  ASTERISK-24490
+	  Reported by: Gareth Palmer
 
 	* AST-2014-018 - func_db: DB Dialplan function permission escalation
 	  via AMI.

Modified: tags/13.0.1/apps/app_confbridge.c
URL: http://svnview.digium.com/svn/asterisk/tags/13.0.1/apps/app_confbridge.c?view=diff&rev=428449&r1=428448&r2=428449
==============================================================================
--- tags/13.0.1/apps/app_confbridge.c (original)
+++ tags/13.0.1/apps/app_confbridge.c Thu Nov 20 11:13:42 2014
@@ -3410,7 +3410,7 @@
 
 	res |= ast_register_application_xml(app, confbridge_exec);
 
-	res |= ast_custom_function_register(&confbridge_function);
+	res |= ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE);
 	res |= ast_custom_function_register(&confbridge_info_function);
 
 	res |= ast_cli_register_multiple(cli_confbridge, ARRAY_LEN(cli_confbridge));
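Review bot: ast_custom_function_register_escalating() and AST_CFE_WRITE are used here but not introduced by this commit, which touches only app_confbridge.c and the ChangeLog, so the 13.0.1 tag must already carry that helper for the merge to build; confirm this tag compiles with just r428339 applied. Restricting only the write side (AST_CFE_WRITE) while leaving confbridge_info_function on the plain ast_custom_function_register() call looks deliberate, presumably because the info function is read-only, but a one-line comment above the two registrations explaining why they differ would stop a later cleanup from "harmonising" them back to the unrestricted form.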
@@ -3422,7 +3422,7 @@
 	res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick);
 	res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock);
 	res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock);
-	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord);
+	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord);
 	res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord);
 	res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc);
 	if (res) {
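Review bot: ConfbridgeStartRecord now requires EVENT_FLAG_SYSTEM while ConfbridgeStopRecord and the other Confbridge actions stay at EVENT_FLAG_CALL; the asymmetry is justified by the ChangeLog's statement that starting a recording could run system commands, but it should be visible to maintainers. Add a short comment on this line noting why the privilege differs from its neighbours, and check that the action's XML documentation registered through ast_manager_register_xml states the system permission requirement if it currently documents the call-level one.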



