asterisk/funcs at a36c7c9c955e27e154f98e3d1c327804d7381a30 - asterisk - Gitea

kenmirrors/asterisk

mirror of https://github.com/asterisk/asterisk.git synced 2025-11-09 11:28:25 +00:00

Files

History

Kevin Harwell a36c7c9c95 AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.

The DB dialplan function when executed from an external protocol (for instance
AMI), could result in a privilege escalation.

Asterisk now inhibits the DB function from being executed from an external
interface if the live_dangerously option is set to no.

ASTERISK-24534
Reported by: Gareth Palmer
patches: submitted by Gareth Palmer (license 5169)


git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/1.8@428331 65c4cc65-6c06-0410-ace0-fbb531ad65f3

2014-11-20 15:29:34 +00:00

..

func_aes.c

Fix many issues from the NULL_RETURNS Coverity report

2012-05-04 22:12:55 +00:00

func_audiohookinherit.c

func_audiohookinheritance: Check If A Channel Was Specified

2014-03-04 19:32:21 +00:00

func_base64.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_blacklist.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_callcompletion.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_callerid.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_cdr.c

Coverity Report: Fix issues for error type UNINIT in Core supported modules

2012-05-10 15:35:33 +00:00

func_channel.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_config.c

func_config: Change 'Not Found' message from ERROR to DEBUG

2014-08-18 20:14:32 +00:00

func_curl.c

Have func_curl log a warning when a curl request fails.

2013-03-20 20:22:40 +00:00

func_cut.c

Clean up and ensure proper usage of alloca()

2012-07-31 19:31:42 +00:00

func_db.c

AST-2014-018 - func_db: DB Dialplan function permission escalation via AMI.

2014-11-20 15:29:34 +00:00

func_devstate.c

Prevent exhaustion of system resources through exploitation of event cache

2013-01-02 16:54:20 +00:00

func_dialgroup.c

Fix incorrect usages of ast_realloc().

2013-09-10 17:53:58 +00:00

func_dialplan.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_enum.c

Allow Asterisk to compile under GCC 4.10

2014-05-09 22:18:59 +00:00

func_env.c

Fix 32bit build for func_env

2014-05-09 23:02:22 +00:00

func_extstate.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_frame_trace.c

datastores: Audit ast_channel_datastore_remove usage.

2014-07-28 18:27:56 +00:00

func_global.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_groupcount.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_iconv.c

Allow Asterisk to compile under GCC 4.10

2014-05-09 22:18:59 +00:00

func_lock.c

security: Inhibit execution of privilege escalating functions

2013-12-16 16:36:52 +00:00

func_logic.c

Clean up and ensure proper usage of alloca()

2012-07-31 19:31:42 +00:00

func_math.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_md5.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_module.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_odbc.c

func_odbc: Fix fixed size buffers fix (r414968).

2014-06-03 07:31:37 +00:00

func_pitchshift.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_rand.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_realtime.c

security: Inhibit execution of privilege escalating functions

2013-12-16 16:36:52 +00:00

func_sha1.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_shell.c

security: Inhibit execution of privilege escalating functions

2013-12-16 16:36:52 +00:00

func_speex.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

func_sprintf.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_srv.c

Allow Asterisk to compile under GCC 4.10

2014-05-09 22:18:59 +00:00

func_strings.c

Allow the PUSH and UNSHIFT functions to set inheritable channel variables.

2014-06-17 18:22:31 +00:00

func_sysinfo.c

Allow Asterisk to compile under GCC 4.10

2014-05-09 22:18:59 +00:00

func_timeout.c

Fix ast_app_dtget() time unit inconsistency.

2012-01-21 00:20:07 +00:00

func_uri.c

func_uri: URIENCODE/URIDECODE - allow empty strings as argument

2014-07-15 17:19:52 +00:00

func_version.c

Fix documentation for ${VERSION(ASTERISK_VERSION_NUM)}.

2012-04-19 21:58:01 +00:00

func_vmcount.c

Introduce <support_level> tags in MODULEINFO.

2011-07-14 20:13:06 +00:00

func_volume.c

Fix dialplan function NULL channel safety issues

2014-03-27 19:06:13 +00:00

Makefile

Merged revisions 207647 via svnmerge from

2009-07-21 13:28:04 +00:00