git.ipfire.org Git - thirdparty/asterisk.git/commit

author	Kevin Harwell <kharwell@digium.com>
	Thu, 20 Nov 2014 16:34:30 +0000 (16:34 +0000)
committer	Kevin Harwell <kharwell@digium.com>
	Thu, 20 Nov 2014 16:34:30 +0000 (16:34 +0000)
commit	e2181139c985ae35174f956020e69f1ee07fa2f8
tree	d08b8c0f0d702cb82e9d6206e0530b83facd5742	tree
parent	ddc3f4846f3b3d509cdb5f49f0d823de059f737a	commit \| diff

AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)
........

Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11
........

Merged revisions 428409 from http://svn.asterisk.org/svn/asterisk/branches/12

git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/13@428413 65c4cc65-6c06-0410-ace0-fbb531ad65f3