AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers - asterisk.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Matthew Jordan <mjordan@digium.com>	2012-08-30 16:25:34 +0000
committer	Matthew Jordan <mjordan@digium.com>	2012-08-30 16:25:34 +0000
commit	acbe1f90e704680c0ae56c0303123fde696adad3 (patch)
tree	879afb53969d364466a228ea71683484a5744ed1 /apps
parent	d624f2c550e862fd016eba9cdff7187d2c4757dc (diff)

AST-2012-013: Resolve ACL rules being ignored during calls by some IAX2 peers

When an IAX2 call is made using the credentials of a peer defined in a dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that peer are not applied to the call attempt. This allows for a remote attacker who is aware of a peer's credentials to bypass the ACL rules set for that peer. This patch ensures that the ACLs are applied for all peers, regardless of their storage mechanism. (closes issue ASTERISK-20186) Reported by: Alan Frisch Tested by: mjordan, Alan Frisch ........ Merged revisions 372028 from http://svn.asterisk.org/svn/asterisk/branches/11 git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@372029 65c4cc65-6c06-0410-ace0-fbb531ad65f3

Diffstat (limited to 'apps')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: