kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2026-05-02 11:27:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
915de454f806387d00aef0eb38424d578c7e9ef9
asterisk/apps/app_mixmonitor.c
Jonathan Rose 064bd035e7 MixMonitor: Add class authorization requirements to MixMonitor AMI commands 
MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
authorization. StopMixMonitor now requires that the manager user either have
the call or system class authorization. StartMixMonitor is a slightly larger
issue since it can execute shell commands if the right arguments are passed
into it, and we consider this a permission escalation. A security release
will be issued for problem this shortly.

ASTERISK-23609 #close
Reported by: Corey Farrell


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@415825 65c4cc65-6c06-0410-ace0-fbb531ad65f3
2014-06-12 15:22:02 +00:00

44 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink