Bug#668397: wicd: Local privilege escalation

2012-04-11 Thread David Paleino
On Wed, 11 Apr 2012 21:51:16 +0100, Jonathan Wiltshire wrote:
> On Wed, Apr 11, 2012 at 05:27:10PM +0200, Arno Töll wrote:
> > I've briefly verified offending code against the Squeeze and Sid version
> > of the package but I didn't try to reproduce the steps to exploit wicd.
>
> I did try the ste

Bug#668397: wicd: Local privilege escalation

2012-04-11 Thread Jonathan Wiltshire
On Wed, Apr 11, 2012 at 05:27:10PM +0200, Arno Töll wrote:
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.
I did try the steps, or a variation on them, and confirmed that the package is exploitable

Bug#668397: wicd: Local privilege escalation

2012-04-11 Thread Nico Golde
Hi,
* Arno Töll [2012-04-11 17:32]:
> Package: wicd
> Severity: critical
> Tags: security
> Justification: root security hole
>
> It was discovered, wicd in any version supported by Debian (i.e. stable,
> testing and unstable) yields to local privilege escalation by injecting
> arbitrary code thr

Bug#668397: wicd: Local privilege escalation

2012-04-11 Thread David Paleino
On Wed, 11 Apr 2012 17:27:10 +0200, Arno Töll wrote:
> It was discovered, wicd in any version supported by Debian (i.e. stable,
> testing and unstable) yields to local privilege escalation by injecting
> arbitrary code through the DBus interface due to incomplete input
> sanitation.
>
> I've brie

Bug#668397: wicd: Local privilege escalation

2012-04-11 Thread Arno Töll
Package: wicd
Severity: critical
Tags: security
Justification: root security hole

It was discovered, wicd in any version supported by Debian (i.e. stable, testing and unstable) yields to local privilege escalation by injecting arbitrary code through the DBus interface due to incomplete input sanit