[Secure-testing-team] Bug#668397: wicd: Local privilege escalation
Arno Töll
arno at debian.org
Wed Apr 11 15:27:10 UTC 2012
Package: wicd
Severity: critical
Tags: security
Justification: root security hole
It was discovered, wicd in any version supported by Debian (i.e. stable,
testing and unstable) yields to local privilege escalation by injecting
arbitrary code through the DBus interface due to incomplete input
sanitation.
I've briefly verified offending code against the Squeeze and Sid version
of the package but I didn't try to reproduce the steps to exploit wicd.
As far as I know there is no upstream fix available.
Details can be found on [1] or via Full Disclosure post [2].
[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] <00e301cd17f2$0b33efd0$219bcf70$@com> / http://seclists.org/fulldisclosure/2012/Apr/123
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.11arno1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the Secure-testing-team
mailing list