Debian Bug report logs - #668397
wicd: Local privilege escalation


Package: wicd; Maintainer for wicd is David Paleino <dapal@debian.org>; Source for wicd is src:wicd.

Reported by: Arno Töll <arno@debian.org>

Date: Wed, 11 Apr 2012 15:30:04 UTC

Severity: critical

Tags: confirmed, fixed-upstream, security, upstream

Found in versions wicd/1.7.0+ds1-5+squeeze1, wicd/1.7.2.3-1

Fixed in versions wicd/1.7.2-1, wicd/1.7.2.4-1, wicd/1.7.0+ds1-5+squeeze2

Done: David Paleino <dapal@debian.org>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, arno@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Wed, 11 Apr 2012 15:30:07 GMT)

Acknowledgement sent to Arno Töll <arno@debian.org>:
New Bug report received and forwarded. Copy sent to arno@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, David Paleino <dapal@debian.org>. (Wed, 11 Apr 2012 15:30:07 GMT)

Message #5 received at submit@bugs.debian.org:

From: Arno Töll <arno@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: wicd: Local privilege escalation
Date: Wed, 11 Apr 2012 17:27:10 +0200
Package: wicd
Severity: critical
Tags: security
Justification: root security hole

It was discovered that wicd, in any version supported by Debian (i.e. stable,
testing and unstable), is vulnerable to local privilege escalation by injecting
arbitrary code through the DBus interface, due to incomplete input
sanitisation.

I've briefly verified offending code against the Squeeze and Sid version
of the package but I didn't try to reproduce the steps to exploit wicd.
As far as I know there is no upstream fix available.


Details can be found at [1] or via the Full Disclosure post [2].

[1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
[2] <00e301cd17f2$0b33efd0$219bcf70$@com> / http://seclists.org/fulldisclosure/2012/Apr/123


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.11arno1 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Wed, 11 Apr 2012 19:57:04 GMT)

Acknowledgement sent to dapal@debian.org:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Wed, 11 Apr 2012 19:57:04 GMT)

Message #10 received at 668397@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397@bugs.debian.org
Cc: Arno Töll <arno@debian.org>
Subject: Re: Bug#668397: wicd: Local privilege escalation
Date: Wed, 11 Apr 2012 21:53:05 +0200
[Message part 1 (text/plain, inline)]
On Wed, 11 Apr 2012 17:27:10 +0200, Arno Töll wrote:

> It was discovered that wicd, in any version supported by Debian (i.e. stable,
> testing and unstable), is vulnerable to local privilege escalation by injecting
> arbitrary code through the DBus interface, due to incomplete input
> sanitisation.
> 
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.
> As far as I know there is no upstream fix available.

JFTR: it would've been MUCH nicer if the student who found this bug contacted
me, as wicd upstream, beforehand. Now I must rush not to make all boxes out
there running wicd rootable. Nice.

Thanks very much for your report Arno, will take all the necessary steps to
fix it.

David

-- 
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
[signature.asc (application/pgp-signature, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Wed, 11 Apr 2012 20:24:02 GMT)

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Wed, 11 Apr 2012 20:24:02 GMT)

Message #15 received at 668397@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Arno Töll <arno@debian.org>, 668397@bugs.debian.org
Subject: Re: Bug#668397: wicd: Local privilege escalation
Date: Wed, 11 Apr 2012 22:21:40 +0200
[Message part 1 (text/plain, inline)]
Hi,
* Arno Töll <arno@debian.org> [2012-04-11 17:32]:
> Package: wicd
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> It was discovered that wicd, in any version supported by Debian (i.e. stable,
> testing and unstable), is vulnerable to local privilege escalation by injecting
> arbitrary code through the DBus interface, due to incomplete input
> sanitisation.
> 
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.
> As far as I know there is no upstream fix available.
> 
> 
> Details can be found at [1] or via the Full Disclosure post [2].
> 
> [1] http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> [2] <00e301cd17f2$0b33efd0$219bcf70$@com> / http://seclists.org/fulldisclosure/2012/Apr/123

CVE-2012-2095 has been assigned to this issue. Please mention this id when 
uploading a fix.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]

Added tag(s) upstream, confirmed, pending, and fixed-upstream. Request was from David Paleino <dapal@debian.org> to control@bugs.debian.org. (Wed, 11 Apr 2012 20:51:05 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Wed, 11 Apr 2012 20:54:06 GMT)

Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Wed, 11 Apr 2012 20:54:06 GMT)

Message #22 received at 668397@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 668397@bugs.debian.org
Subject: Re: Bug#668397: wicd: Local privilege escalation
Date: Wed, 11 Apr 2012 21:51:16 +0100
[Message part 1 (text/plain, inline)]
On Wed, Apr 11, 2012 at 05:27:10PM +0200, Arno Töll wrote:
> I've briefly verified offending code against the Squeeze and Sid version
> of the package but I didn't try to reproduce the steps to exploit wicd.

I did try the steps, or a variation on them, and confirmed that the package
is exploitable. Patch attached, which is basically a reformat of the
researcher's patch and verified to mitigate the problem.


-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
            layered on top of bonghits
[wicdroot.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Wed, 11 Apr 2012 21:27:05 GMT)

Acknowledgement sent to dapal@debian.org:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Wed, 11 Apr 2012 21:27:05 GMT)

Message #27 received at 668397@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397@bugs.debian.org
Cc: Jonathan Wiltshire <jmw@debian.org>
Subject: Re: Bug#668397: wicd: Local privilege escalation
Date: Wed, 11 Apr 2012 23:23:15 +0200
[Message part 1 (text/plain, inline)]
On Wed, 11 Apr 2012 21:51:16 +0100, Jonathan Wiltshire wrote:

> On Wed, Apr 11, 2012 at 05:27:10PM +0200, Arno Töll wrote:
> > I've briefly verified offending code against the Squeeze and Sid version
> > of the package but I didn't try to reproduce the steps to exploit wicd.
> 
> I did try the steps, or a variation on them, and confirmed that the package
> is exploitable. Patch attached, which is basically a reformat of the
> researcher's patch and verified to mitigate the problem.

I already committed a fix to the upstream repository, which fixes the same bug
with wired networks too.

  http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751

I'm releasing 1.7.2 right now, please have some patience.


David

-- 
 . ''`.   Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174
[signature.asc (application/pgp-signature, attachment)]

Reply sent to David Paleino <dapal@debian.org>:
You have taken responsibility. (Wed, 11 Apr 2012 23:00:05 GMT)

Notification sent to Arno Töll <arno@debian.org>:
Bug acknowledged by developer. (Wed, 11 Apr 2012 23:00:05 GMT)

Message #32 received at 668397-close@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397-close@bugs.debian.org
Subject: Bug#668397: fixed in wicd 1.7.2-1
Date: Wed, 11 Apr 2012 22:57:00 +0000
Source: wicd
Source-Version: 1.7.2-1

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.2-1_all.deb
  to main/w/wicd/python-wicd_1.7.2-1_all.deb
wicd-cli_1.7.2-1_all.deb
  to main/w/wicd/wicd-cli_1.7.2-1_all.deb
wicd-curses_1.7.2-1_all.deb
  to main/w/wicd/wicd-curses_1.7.2-1_all.deb
wicd-daemon_1.7.2-1_all.deb
  to main/w/wicd/wicd-daemon_1.7.2-1_all.deb
wicd-gtk_1.7.2-1_all.deb
  to main/w/wicd/wicd-gtk_1.7.2-1_all.deb
wicd_1.7.2-1.debian.tar.gz
  to main/w/wicd/wicd_1.7.2-1.debian.tar.gz
wicd_1.7.2-1.dsc
  to main/w/wicd/wicd_1.7.2-1.dsc
wicd_1.7.2-1_all.deb
  to main/w/wicd/wicd_1.7.2-1_all.deb
wicd_1.7.2.orig.tar.gz
  to main/w/wicd/wicd_1.7.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668397@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <dapal@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Thu, 12 Apr 2012 00:03:06 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.2-1
Distribution: unstable
Urgency: low
Maintainer: David Paleino <dapal@debian.org>
Changed-By: David Paleino <dapal@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable console client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 658785 668397
Changes: 
 wicd (1.7.2-1) unstable; urgency=low
 .
   * New upstream version
     - fixed local privilege escalation, CVE-2012-2095 (Closes: #668397)
   * Added Indonesian debconf translation, thanks to Mahyuddin
     Susanto (Closes: #658785)
   * Fixed debian/watch to look packages from launchpad
   * Bump Standards-Version to 3.9.3, no changes needed
   * Updated debian/copyright






Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Sun, 15 Apr 2012 21:42:14 GMT)

Acknowledgement sent to Touko Korpela <touko.korpela@iki.fi>:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Sun, 15 Apr 2012 21:42:14 GMT)

Message #37 received at 668397@bugs.debian.org:

From: Touko Korpela <touko.korpela@iki.fi>
To: David Paleino <dapal@debian.org>
Cc: 668397@bugs.debian.org, 668456@bugs.debian.org
Subject: Re: pu: package wicd/1.7.0+ds1-5+squeeze1
Date: Mon, 16 Apr 2012 00:40:40 +0300
On Thu, Apr 12, 2012 at 12:31:48AM +0200, David Paleino wrote:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: pu
> 
> Hello RT,
> 
> I'm hereby requesting permission to upload a fix for wicd to p-u, bug #668397
> (CCed), CVE-2012-2095. "git diff" attached.
> 
> The patch for stable is slightly different from the one just pushed in
> unstable: namely, it needed an additional "has_profile", which was used in
> pre-1.7.1 versions.

I think this should be handled via Debian Security Advisory procedure.
It's a root compromise after all (local but still important imho).




Reply sent to David Paleino <dapal@debian.org>:
You have taken responsibility. (Wed, 25 Apr 2012 18:54:05 GMT)

Notification sent to Arno Töll <arno@debian.org>:
Bug acknowledged by developer. (Wed, 25 Apr 2012 18:54:05 GMT)

Message #42 received at 668397-close@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397-close@bugs.debian.org
Subject: Bug#668397: fixed in wicd 1.7.0+ds1-5+squeeze1
Date: Wed, 25 Apr 2012 18:52:04 +0000
Source: wicd
Source-Version: 1.7.0+ds1-5+squeeze1

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/python-wicd_1.7.0+ds1-5+squeeze1_all.deb
wicd-cli_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-cli_1.7.0+ds1-5+squeeze1_all.deb
wicd-curses_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-curses_1.7.0+ds1-5+squeeze1_all.deb
wicd-daemon_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-daemon_1.7.0+ds1-5+squeeze1_all.deb
wicd-gtk_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd-gtk_1.7.0+ds1-5+squeeze1_all.deb
wicd_1.7.0+ds1-5+squeeze1.debian.tar.gz
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1.debian.tar.gz
wicd_1.7.0+ds1-5+squeeze1.dsc
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1.dsc
wicd_1.7.0+ds1-5+squeeze1_all.deb
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668397@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <dapal@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 24 Apr 2012 22:05:28 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.0+ds1-5+squeeze1
Distribution: proposed-updates
Urgency: low
Maintainer: David Paleino <dapal@debian.org>
Changed-By: David Paleino <dapal@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable cli client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 668397
Changes: 
 wicd (1.7.0+ds1-5+squeeze1) proposed-updates; urgency=low
 .
   * debian/patches/:
     - fix local privilege escalation, CVE-2012-2095
       (31-fix_local_privilege_escalation.patch) (Closes: #668397)






Information forwarded to debian-bugs-dist@lists.debian.org, David Paleino <dapal@debian.org>:
Bug#668397; Package wicd. (Mon, 30 Apr 2012 18:33:03 GMT)

Acknowledgement sent to Julian Taylor <jtaylor.debian@googlemail.com>:
Extra info received and forwarded to list. Copy sent to David Paleino <dapal@debian.org>. (Mon, 30 Apr 2012 18:33:03 GMT)

Message #47 received at 668397@bugs.debian.org:

From: Julian Taylor <jtaylor.debian@googlemail.com>
To: control@bugs.debian.org, 668397@bugs.debian.org
Subject: patch is nonsense
Date: Mon, 30 Apr 2012 20:28:33 +0200
[Message part 1 (text/plain, inline)]
found 668397 1.7.2.3-1
found 668397 1.7.0+ds1-5+squeeze1
thanks

The patch does nothing useful in terms of sanitisation; the exploit still
works fine.

[signature.asc (application/pgp-signature, attachment)]
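An added illustration, constructed for this page and not taken from wicd or from either Debian patch, of why a check on caller-supplied settings has to constrain the value, not just the property name, when a privileged daemon writes them into a line-oriented profile file. The property names, validators and file format below are assumptions for the example.

```python
"""Validating a D-Bus property setter before a privileged daemon writes
caller-supplied settings to disk (constructed example).

Assumed model: the daemon keeps one network profile per "key = value" file,
one pair per line, and an unprivileged caller can invoke SetProperty(name,
value) over D-Bus.  Anything that lets a value span more than one line
lets the caller write a key it never named.
"""
import re

# Allow-list of settable properties with a grammar for each value.
# Names and grammars are hypothetical; they are not wicd's property set.
_IPV4 = re.compile(r"^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$")
ALLOWED_PROPERTIES = {
    "essid": re.compile(r"^[\x20-\x7e]{1,32}$"),   # printable ASCII, one line
    "ip": _IPV4,
    "netmask": _IPV4,
    "gateway": _IPV4,
    "dns1": _IPV4,
    "use_static_dns": re.compile(r"^(?:True|False)$"),
}


class InvalidProperty(ValueError):
    """Raised when a caller-supplied property name or value is rejected."""


def validate_property(name, value):
    """Strict check: the name must be allow-listed AND the value must match
    that property's grammar.  fullmatch() is used deliberately: plain
    match() with a '$' anchor would still accept a value ending in '\\n'."""
    if not isinstance(name, str) or name not in ALLOWED_PROPERTIES:
        raise InvalidProperty("unknown property %r" % (name,))
    if not isinstance(value, str):
        raise InvalidProperty("value for %s must be a string" % name)
    if ALLOWED_PROPERTIES[name].fullmatch(value) is None:
        raise InvalidProperty("malformed value for %s: %r" % (name, value))
    return name, value


def validate_property_name_only(name, value):
    """Incomplete check, kept for contrast: it confirms the property name is
    known but passes the value through unexamined."""
    if name not in ALLOWED_PROPERTIES:
        raise InvalidProperty("unknown property %r" % (name,))
    return name, str(value)


def render_profile(props):
    """Serialise a profile the way the daemon would write it to disk."""
    return "".join("%s = %s\n" % (k, v) for k, v in sorted(props.items()))


def parse_profile(text):
    """Read a profile file back the way the daemon would before connecting:
    first '=' on each line separates key from value."""
    result = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        result[key.strip()] = value.strip()
    return result


def apply_updates(updates, validator):
    """Push caller-supplied (name, value) updates through `validator`, write
    and re-read the profile, and return what the daemon would then act on.
    Running both validators on the same input shows the difference."""
    props = {}
    for name, value in updates:
        name, value = validator(name, value)
        props[name] = value
    return parse_profile(render_profile(props))


if __name__ == "__main__":
    # Constructed caller input: the essid value carries a second line, so a
    # name-only check lets the caller set "dns1" without ever naming it.
    tainted = [("essid", "home\ndns1 = 192.0.2.53")]
    print(apply_updates(tainted, validate_property_name_only))
    try:
        apply_updates(tainted, validate_property)
    except InvalidProperty as exc:
        print("rejected:", exc)
```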

Marked as found in versions wicd/1.7.2.3-1 and reopened. Request was from Julian Taylor <jtaylor.debian@googlemail.com> to control@bugs.debian.org. (Mon, 30 Apr 2012 18:33:04 GMT)

Marked as found in versions wicd/1.7.0+ds1-5+squeeze1; no longer marked as fixed in versions wicd/1.7.0+ds1-5+squeeze1. Request was from Julian Taylor <jtaylor.debian@googlemail.com> to control@bugs.debian.org. (Mon, 30 Apr 2012 18:33:05 GMT)

Reply sent to David Paleino <dapal@debian.org>:
You have taken responsibility. (Mon, 30 Apr 2012 19:54:03 GMT)

Notification sent to Arno Töll <arno@debian.org>:
Bug acknowledged by developer. (Mon, 30 Apr 2012 19:54:04 GMT)

Message #56 received at 668397-close@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397-close@bugs.debian.org
Subject: Bug#668397: fixed in wicd 1.7.2.4-1
Date: Mon, 30 Apr 2012 19:50:31 +0000
Source: wicd
Source-Version: 1.7.2.4-1

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.2.4-1_all.deb
  to main/w/wicd/python-wicd_1.7.2.4-1_all.deb
wicd-cli_1.7.2.4-1_all.deb
  to main/w/wicd/wicd-cli_1.7.2.4-1_all.deb
wicd-curses_1.7.2.4-1_all.deb
  to main/w/wicd/wicd-curses_1.7.2.4-1_all.deb
wicd-daemon_1.7.2.4-1_all.deb
  to main/w/wicd/wicd-daemon_1.7.2.4-1_all.deb
wicd-gtk_1.7.2.4-1_all.deb
  to main/w/wicd/wicd-gtk_1.7.2.4-1_all.deb
wicd_1.7.2.4-1.debian.tar.gz
  to main/w/wicd/wicd_1.7.2.4-1.debian.tar.gz
wicd_1.7.2.4-1.dsc
  to main/w/wicd/wicd_1.7.2.4-1.dsc
wicd_1.7.2.4-1_all.deb
  to main/w/wicd/wicd_1.7.2.4-1_all.deb
wicd_1.7.2.4.orig.tar.gz
  to main/w/wicd/wicd_1.7.2.4.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668397@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <dapal@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Mon, 30 Apr 2012 21:32:55 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.2.4-1
Distribution: unstable
Urgency: high
Maintainer: David Paleino <dapal@debian.org>
Changed-By: David Paleino <dapal@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable console client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 668397
Changes: 
 wicd (1.7.2.4-1) unstable; urgency=high
 .
   * New upstream version
     - really fix local privilege escalation, CVE-2012-2095 (Closes: #668397)
   * Fixed typo in previous changelog entry






Reply sent to David Paleino <dapal@debian.org>:
You have taken responsibility. (Wed, 02 May 2012 22:39:09 GMT)

Notification sent to Arno Töll <arno@debian.org>:
Bug acknowledged by developer. (Wed, 02 May 2012 22:39:09 GMT)

Message #61 received at 668397-close@bugs.debian.org:

From: David Paleino <dapal@debian.org>
To: 668397-close@bugs.debian.org
Subject: Bug#668397: fixed in wicd 1.7.0+ds1-5+squeeze2
Date: Wed, 02 May 2012 22:35:22 +0000
Source: wicd
Source-Version: 1.7.0+ds1-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
wicd, which is due to be installed in the Debian FTP archive:

python-wicd_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/python-wicd_1.7.0+ds1-5+squeeze2_all.deb
wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-cli_1.7.0+ds1-5+squeeze2_all.deb
wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-curses_1.7.0+ds1-5+squeeze2_all.deb
wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-daemon_1.7.0+ds1-5+squeeze2_all.deb
wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd-gtk_1.7.0+ds1-5+squeeze2_all.deb
wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2.debian.tar.gz
wicd_1.7.0+ds1-5+squeeze2.dsc
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2.dsc
wicd_1.7.0+ds1-5+squeeze2_all.deb
  to main/w/wicd/wicd_1.7.0+ds1-5+squeeze2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 668397@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Paleino <dapal@debian.org> (supplier of updated wicd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Tue, 01 May 2012 22:59:35 +0200
Source: wicd
Binary: wicd wicd-daemon wicd-gtk wicd-curses wicd-cli python-wicd
Architecture: source all
Version: 1.7.0+ds1-5+squeeze2
Distribution: proposed-updates
Urgency: low
Maintainer: David Paleino <dapal@debian.org>
Changed-By: David Paleino <dapal@debian.org>
Description: 
 python-wicd - wired and wireless network manager - Python module
 wicd       - wired and wireless network manager - metapackage
 wicd-cli   - wired and wireless network manager - scriptable cli client
 wicd-curses - wired and wireless network manager - Curses client
 wicd-daemon - wired and wireless network manager - daemon
 wicd-gtk   - wired and wireless network manager - GTK+ client
Closes: 668397
Changes: 
 wicd (1.7.0+ds1-5+squeeze2) proposed-updates; urgency=low
 .
   * debian/patches/:
     - 31-fix_local_privilege_escalation.patch, CVE-2012-2095,
       improved. Really fixes the bug. (Closes: #668397)






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 31 May 2012 07:40:34 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 10:45:25 2014; Machine Name: buxtehude.debian.org
