[svn-commits] bebuild: tag certified-11.6-cert8 r428447 - in /certified/tags/11.6-cert8: ./...
    SVN commits to the Digium repositories
    svn-commits at lists.digium.com
    Thu Nov 20 11:11:16 CST 2014

Author: bebuild
Date: Thu Nov 20 11:11:13 2014
New Revision: 428447
URL: http://svnview.digium.com/svn/asterisk?view=rev&rev=428447
Log:
Merge r428344 for AST-2014-017
Modified:
    certified/tags/11.6-cert8/   (props changed)
    certified/tags/11.6-cert8/ChangeLog
    certified/tags/11.6-cert8/apps/app_confbridge.c
Propchange: certified/tags/11.6-cert8/
------------------------------------------------------------------------------
Binary property 'branch-11-merged' - no diff available.
Propchange: certified/tags/11.6-cert8/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Thu Nov 20 11:11:13 2014
@@ -1,3 +1,3 @@
 /branches/11:399513,401167,401179,401182,415825
 /certified/branches/1.8.15:382389
-/certified/branches/11.6:423426,426053,428300,428397,428432
+/certified/branches/11.6:423426,426053,428300,428344,428397,428432
Modified: certified/tags/11.6-cert8/ChangeLog
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert8/ChangeLog?view=diff&rev=428447&r1=428446&r2=428447
==============================================================================
--- certified/tags/11.6-cert8/ChangeLog (original)
+++ certified/tags/11.6-cert8/ChangeLog Thu Nov 20 11:11:13 2014
@@ -26,6 +26,25 @@
 
 	  ASTERISK-24440 #close
 	  Reported by: Ben Klang
+
+	* AST-2014-017 - app_confbridge: permission escalation/ class
+	  authorization.
+
+	  Confbridge dialplan function permission escalation via AMI and
+	  inappropriate class authorization on the ConfbridgeStartRecord action.
+	  The CONFBRIDGE dialplan function when executed from an external
+	  protocol (for instance AMI), could result in a privilege escalation.
+	  Also, the AMI action âConfbridgeStartRecordâ could also be used to
+	  execute arbitrary system commands without first checking for system
+	  access.
+
+	  Asterisk now inhibits the CONFBRIDGE function from being executed
+	  from an external interface if the live_dangerously option is set to
+	  no. Also, the âConfbridgeStartRecordâ AMI action is now only allowed
+	  to execute under a user with system level access.
+
+	  ASTERISK-24490
+	  Reported by: Gareth Palmer
 
 	* AST-2014-018 - func_db: DB Dialplan function permission escalation
 	  via AMI.
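Review bot: the ChangeLog wording at "Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface" overstates the code change: the function is registered with AST_CFE_WRITE, which only blocks writes to CONFBRIDGE() from an external interface when live_dangerously is no, while reads remain allowed. Suggest "inhibits writes to the CONFBRIDGE function from an external interface". Two style points in the same entry: the title "permission escalation/ class authorization" has a stray space after the slash, and the quotes around ConfbridgeStartRecord are non-ASCII and render as mojibake in the archive; plain ASCII quotes avoid that in a ChangeLog.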
Modified: certified/tags/11.6-cert8/apps/app_confbridge.c
URL: http://svnview.digium.com/svn/asterisk/certified/tags/11.6-cert8/apps/app_confbridge.c?view=diff&rev=428447&r1=428446&r2=428447
==============================================================================
--- certified/tags/11.6-cert8/apps/app_confbridge.c (original)
+++ certified/tags/11.6-cert8/apps/app_confbridge.c Thu Nov 20 11:11:13 2014
@@ -3102,7 +3102,7 @@
 		ast_log(LOG_ERROR, "Unable to load config. Not loading module.\n");
 		return AST_MODULE_LOAD_DECLINE;
 	}
-	if ((ast_custom_function_register(&confbridge_function))) {
+	if ((ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE))) {
 		return AST_MODULE_LOAD_FAILURE;
 	}
 	if ((ast_custom_function_register(&confbridge_info_function))) {
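Review bot: AST_CFE_WRITE makes only the write side of CONFBRIDGE() subject to the live_dangerously check, so a read of the function over AMI is still permitted; that is the right scope if only writes change bridge/user/menu settings, but it should be stated explicitly in the ChangeLog, which currently says the function is inhibited outright. Leaving confbridge_info_function on the plain ast_custom_function_register on the following line is consistent, since that function is read-only. Minor: the failure path returns AST_MODULE_LOAD_FAILURE without an ast_log, unlike the config-load failure just above; a one-line LOG_ERROR would make a registration failure diagnosable.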
@@ -3133,7 +3133,7 @@
 	res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick);
 	res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock);
 	res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock);
-	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord);
+	res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord);
 	res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord);
 	res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc);
 	if (res) {
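Review bot: EVENT_FLAG_SYSTEM replaces EVENT_FLAG_CALL rather than being combined with it, so AMI users with only call privilege lose ConfbridgeStartRecord entirely; that matches the ChangeLog ("only allowed to execute under a user with system level access") but the manager XML documentation for the action, registered here via ast_manager_register_xml, is not touched in this diff and should be checked so its listed privilege says system rather than call. ConfbridgeStopRecord stays at EVENT_FLAG_CALL, which is fine as long as stopping a recording cannot trigger command execution; a short comment next to the two registrations explaining why they differ would prevent a later "cleanup" from re-aligning them.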