Skip to content
Snippets Groups Projects
Commit 009d95c7 authored by Kevin Harwell's avatar Kevin Harwell
Browse files

AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI. 

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)
........

Merged revisions 428331 from http://svn.asterisk.org/svn/asterisk/branches/1.8
........

Merged revisions 428363 from http://svn.asterisk.org/svn/asterisk/branches/11


git-svn-id: https://origsvn.digium.com/svn/asterisk/certified/branches/11.6@428397 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent 7d03c1ec
No related branches found
No related tags found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment