Your message dated Wed, 25 Apr 2012 18:52:04 +0000
with message-id <e1sn7js-0003zq...@franck.debian.org>
and subject line Bug#668397: fixed in wicd 1.7.0+ds1-5+squeeze1
has caused the Debian Bug report #668397,
regarding wicd: Local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
668397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wicd
Severity: critical
Tags: security
Justification: root security hole

It was discovered that wicd, in any version supported by Debian (i.e. stable,
testing and unstable), yields to local privilege escalation by injecting
arbitrary code through the DBus interface due to incomplete input
sanitization.

I've briefly verified the offending code against the Squeeze and Sid versions
of the package but I didn't try to reproduce the steps to exploit wicd.
As far as I know there is no upstream fix available.


Details can be found at [1] or via the Full Disclosure post [2].

[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] <00e301cd17f2$0b33efd0$219bcf70$@com> / http://seclists.org/fulldisclosure/2012/Apr/123


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.11arno1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: wicd
Source-Version: 1.7.0+ds1-5+squeeze1

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/python-wicd_1.7.0+ds1-5+squeeze1_all.deb
wicd-cli_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-cli_1.7.0+ds1-5+squeeze1_all.deb
wicd-curses_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-curses_1.7.0+ds1-5+squeeze1_all.deb
wicd-daemon_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-daemon_1.7.0+ds1-5+squeeze1_all.deb
wicd-gtk_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-gtk_1.7.0+ds1-5+squeeze1_all.deb
wicd_1.7.0+ds1-5+squeeze1.debian.tar.gz
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1.debian.tar.gz
wicd_1.7.0+ds1-5+squeeze1.dsc
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1.dsc
wicd_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <da...@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 24 Apr 2012 22:05:28 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.0+ds1-5+squeeze1
Distribution: proposed-updates
Urgency: low
Maintainer: David Paleino <da...@debian.org>
Changed-By: David Paleino <da...@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable cli client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 668397
Changes: 
 wicd (1.7.0+ds1-5+squeeze1) proposed-updates; urgency=low
 .
   * debian/patches/:
     - fix local privilege escalation, CVE-2012-2095
       (31-fix_local_privilege_escalation.patch) (Closes: #668397)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+XCIkACgkQ5qqQFxOSsXRPBgCfXve1PzWsTE9/tzDzVxFPcfWn
SR8AnjMpEHPenl8F6c1fqIskjHHvg1Yd
=Jf+t
-----END PGP SIGNATURE-----



--- End Message ---
