From 060ced4b54367f9822daaffe456da4460c04947c Mon Sep 17 00:00:00 2001 From: Kevin Harwell Date: Thu, 20 Nov 2014 15:42:01 +0000 Subject: [PATCH] AST-2014-017 - app_confbridge: permission escalation/ class authorization. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Confbridge dialplan function permission escalation via AMI and inappropriate class authorization on the ConfbridgeStartRecord action. The CONFBRIDGE dialplan function when executed from an external protocol (for instance AMI), could result in a privilege escalation. Also, the AMI action “ConfbridgeStartRecord” could also be used to execute arbitrary system commands without first checking for system access. Asterisk now inhibits the CONFBRIDGE function from being executed from an external interface if the live_dangerously option is set to no. Also, the “ConfbridgeStartRecord” AMI action is now only allowed to execute under a user with system level access. ASTERISK-24490 Reported by: Gareth Palmer git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@428332 65c4cc65-6c06-0410-ace0-fbb531ad65f3 --- apps/app_confbridge.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/app_confbridge.c b/apps/app_confbridge.c index 70844d6a4b..2fa7904e10 100644 --- a/apps/app_confbridge.c +++ b/apps/app_confbridge.c @@ -3189,7 +3189,7 @@ static int load_module(void) ast_log(LOG_ERROR, "Unable to load config. Not loading module.\n"); return AST_MODULE_LOAD_DECLINE; } - if ((ast_custom_function_register(&confbridge_function))) { + if ((ast_custom_function_register_escalating(&confbridge_function, AST_CFE_WRITE))) { return AST_MODULE_LOAD_FAILURE; } if ((ast_custom_function_register(&confbridge_info_function))) { @@ -3220,7 +3220,7 @@ static int load_module(void) res |= ast_manager_register_xml("ConfbridgeKick", EVENT_FLAG_CALL, action_confbridgekick); res |= ast_manager_register_xml("ConfbridgeUnlock", EVENT_FLAG_CALL, action_confbridgeunlock); res |= ast_manager_register_xml("ConfbridgeLock", EVENT_FLAG_CALL, action_confbridgelock); - res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_CALL, action_confbridgestartrecord); + res |= ast_manager_register_xml("ConfbridgeStartRecord", EVENT_FLAG_SYSTEM, action_confbridgestartrecord); res |= ast_manager_register_xml("ConfbridgeStopRecord", EVENT_FLAG_CALL, action_confbridgestoprecord); res |= ast_manager_register_xml("ConfbridgeSetSingleVideoSrc", EVENT_FLAG_CALL, action_confbridgesetsinglevideosrc); if (res) {