Skip to content
Snippets Groups Projects
Commit 064bd035 authored by Jonathan Rose's avatar Jonathan Rose
Browse files

MixMonitor: Add class authorization requirements to MixMonitor AMI commands

MixMonitor AMI commands StartMixMonitor and StopMixMonitor lacked class
authorization. StopMixMonitor now requires that the manager user either have
the call or system class authorization. StartMixMonitor is a slightly larger
issue since it can execute shell commands if the right arguments are passed
into it, and we consider this a permission escalation. A security release
will be issued for problem this shortly.

ASTERISK-23609 #close
Reported by: Corey Farrell


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@415825 65c4cc65-6c06-0410-ace0-fbb531ad65f3
parent 33a4ae86
No related branches found
No related tags found
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment