Arno Töll
2012-Apr-11 15:27 UTC
[Secure-testing-team] Bug#668397: wicd: Local privilege escalation
Package: wicd
Severity: critical
Tags: security
Justification: root security hole

It was discovered that wicd, in any version supported by Debian (i.e. stable, testing and unstable), yields to local privilege escalation by injecting arbitrary code through the DBus interface due to incomplete input sanitation.

I've briefly verified offending code against the Squeeze and Sid version of the package but I didn't try to reproduce the steps to exploit wicd.

As far as I know there is no upstream fix available. Details can be found on [1] or via Full Disclosure post [2].

[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] <00e301cd17f2$0b33efd0$219bcf70$@com> / http://seclists.org/fulldisclosure/2012/Apr/123

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.11arno1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash