Your message dated Wed, 02 May 2012 22:35:22 +0000
with message-id <e1spi8o-0002bv...@franck.debian.org>
and subject line Bug#668397: fixed in wicd 1.7.0+ds1-5+squeeze2
has caused the Debian Bug report #668397,
regarding wicd: Local privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
668397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: wicd
Severity: critical
Tags: security
Justification: root security hole

It was discovered that wicd, in any version supported by Debian (i.e. stable,
testing and unstable), allows local privilege escalation by injecting
arbitrary code through the DBus interface due to incomplete input
sanitation.

I've briefly verified the offending code against the Squeeze and Sid versions
of the package, but I didn't try to reproduce the steps to exploit wicd.
As far as I know there is no upstream fix available.


Details can be found on [1] or via Full Disclosure post [2].

[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] <00e301cd17f2$0b33efd0$219bcf70$@com> / 
http://seclists.org/fulldisclosure/2012/Apr/123


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.11arno1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
--- Begin Message ---
Source: wicd
Source-Version: 1.7.0+ds1-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/python-wicd_1.7.0+ds1-5+squeeze2_all.deb
wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
wicd_1.7.0+ds1-5+squeeze2.dsc
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2.dsc
wicd_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <da...@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 01 May 2012 22:59:35 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.0+ds1-5+squeeze2
Distribution: proposed-updates
Urgency: low
Maintainer: David Paleino <da...@debian.org>
Changed-By: David Paleino <da...@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable cli client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 668397
Changes: 
 wicd (1.7.0+ds1-5+squeeze2) proposed-updates; urgency=low
 .
   * debian/patches/:
     - 31-fix_local_privilege_escalation.patch, CVE-2012-2095,
       improved. Really fixes the bug. (Closes: #668397)
Checksums-Sha1: 
 f474d1842f2c19c9e6c761d7305af8cccd4f4c83 1489 wicd_1.7.0+ds1-5+squeeze2.dsc
 63d632a6a7ef9567578d85ffca2527bd55d33ff8 29442 wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
 1ba0c7c1a6c6b2ef52551de00a6917364e53e61c 40998 wicd_1.7.0+ds1-5+squeeze2_all.deb
 732d7c30bc029434aa0ee1d3a114682316c401ca 278824 wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
 a2116f72c3c9397eaec90158b58ae617f44bb02d 142162 wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
 b5655b6bb9b0eb9fa190429edb7b58a2f4f14652 70632 wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
 18371dd10cc1db1ed0725373c19b448ee28ae75f 44340 wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
 17247e61e47d3a5b0eb59a1d258611a1fa048b9d 77038 python-wicd_1.7.0+ds1-5+squeeze2_all.deb
Checksums-Sha256: 
 da256880e5fb9a5b4b42cc8f41511880b33982438fe6ab5e9b1b4ee9389b2d3c 1489 wicd_1.7.0+ds1-5+squeeze2.dsc
 1bc325da24e78a4d2cbff75fa321a90825b293be984f3af2fb5de3a7c65e4da6 29442 wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
 fce9d194ea428b7cc264fb222ff5384ef3fa28eb2110ebf4ee8caf6eeb71a463 40998 wicd_1.7.0+ds1-5+squeeze2_all.deb
 13d6cfb4474a6cd09788136f753f4c7b0c60a235db3ed6b9abbd8411d5f8fce0 278824 wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
 152e9197265797b13ac4af2442abe5dc32564f33a1ddb31df35bb377eb309e63 142162 wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
 3399a697f5a12da936e836ff8fe1afea74ef690b11897dec8c4af088b25d70a5 70632 wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
 3f0261d8dcceecf1ba9efe15697602de2e5dd1f81b021c95fd7c019d421a109a 44340 wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
 ee50d9963355bc131401ab8cf203ad40fa3882310b75bbae6f33193021c60942 77038 python-wicd_1.7.0+ds1-5+squeeze2_all.deb
Files: 
 b007ee5399136594172e45d2346396b5 1489 net optional wicd_1.7.0+ds1-5+squeeze2.dsc
 dd7c67708ce3cb651057f3ca95b7ab45 29442 net optional wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
 328244f9b60e77224c4265f4a11febca 40998 net optional wicd_1.7.0+ds1-5+squeeze2_all.deb
 cf8e2a9375f6b9d0207e2f94ca08b95c 278824 net optional wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
 cc392ed4186c286f0d59099029205f68 142162 net optional wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
 d5a971db7a6ca54aa53427d12de5ac63 70632 net optional wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
 eeb2e732af206ba22347ac451603ace4 44340 net optional wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
 83383a567e290374191f0ef7008c27c0 77038 python optional python-wicd_1.7.0+ds1-5+squeeze2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAk+gT4AACgkQ5qqQFxOSsXTawwCgijHTRFGat0VG6NOaOesO2jxy
rgEAoMkAENi9C8jXPFTEstnQaHt7/2FV
=/1q2
-----END PGP SIGNATURE-----



--- End Message ---