On Wed, 11 Apr 2012 17:27:10 +0200, Arno Töll wrote:
> It was discovered, wicd in any version supported by Debian (i.e. stable,
> testing and unstable) yields to local privilege escalation by injecting
> arbitrary code through the DBus interface due to incomplete input
> sanitation.
>
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.
> As far as I know there is no upstream fix available.

JFTR: it would've been MUCH nicer if the student who found this bug contacted me, as wicd upstream, beforehand. Now I must rush not to make all boxes out there running wicd rootable. Nice.

Thanks very much for your report Arno, will take all the necessary steps to fix it.

David

--
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  :  Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`   GPG: 1392B174 ----|---- http://deb.li/dapal
   `-     2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174