** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/1449245
Title: com.canonical.NMOfono.ReadImsiContexts privilege escalation Status in network-manager package in Ubuntu: Fix Released Status in network-manager source package in Trusty: Fix Released Status in network-manager source package in Utopic: Fix Released Status in network-manager source package in Vivid: Fix Released Bug description: Tavis Ormandy reports the following: Apparently you're not happy with me for discussing local privilege escalation on oss-security, so as you requested, here's what appears to be a problem in Ubuntu-specific code. I thought I'd take a quick look at D-Bus services you add in Ubuntu after the usb-creator bug, this one jumps out at me as incorrect: http://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono _settings_support.patch#L718 Untested, but that really looks like you can call com.canonical.NMOfono.ReadImsiContexts(imsi:"../../../tmp/whatever"), and supply one of those glib keyfiles (i guess you just need to call it "gprs")? Tavis. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1449245/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp