The following issue was made public in the AST-2014-017 advisory [1][2]:

The CONFBRIDGE dialplan function, when executed from an external protocol (for instance AMI), could result in a privilege escalation. The AMI action "ConfbridgeStartRecord" could also be used to execute arbitrary system commands without first checking for system access.

Patches for this issue are linked to in the AST-2014-017 [1][2] advisory.

References:
[1] http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
[2] http://seclists.org/fulldisclosure/2014/Nov/70
Created asterisk tracking bugs for this issue: Affects: fedora-all [bug 1166690]
This issue is assigned CVE-2014-8417.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.