Hi,
* Arno Töll <a...@debian.org> [2012-04-11 17:32]:
> Package: wicd
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> It was discovered that wicd in any version supported by Debian (i.e. stable,
> testing and unstable) yields to local privilege escalation by injecting
> arbitrary code through the DBus interface due to incomplete input
> sanitation.
> 
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.
> As far as I know there is no upstream fix available.
> 
> 
> Details can be found on [1] or via Full Disclosure post [2].
> 
> [1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> [2] <00e301cd17f2$0b33efd0$219bcf70$@com> / 
> http://seclists.org/fulldisclosure/2012/Apr/123

CVE-2012-2095 has been assigned to this issue. Please mention this id when 
uploading a fix.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
