[svn-commits] r415832 - svn:log
    SVN commits to the Digium repositories 
    svn-commits at lists.digium.com
       
    Thu Jun 12 10:35:03 CDT 2014
    
    
  
Author: jrose
Revision: 415832
Modified property: svn:log
Modified: svn:log at Thu Jun 12 10:35:03 2014
------------------------------------------------------------------------------
--- svn:log (original)
+++ svn:log Thu Jun 12 10:35:03 2014
@@ -1,7 +1,15 @@
-MixMonitor: Add privelege requirements to Start/Stop MixMonitor AMI commands
+MixMontior: Add class authorization requirements to MixMonitor AMI commands
+
+MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
+authorization. StopMixMonitor now requires that the manager user either have
+the call or system class authorization. StartMixMonitor is a slightly larger
+issue since it can execute shell commands if the right arguments are passed
+into it, and we consider this a permission escalation. A security release
+will be issued for problem this shortly.
 
 ASTERISK-23609 #close
 Reported by: Corey Farrell
+
 ........
 
 Merged revisions 415825 from http://svn.asterisk.org/svn/asterisk/branches/11
    
    
More information about the svn-commits
mailing list