Your message dated Sat, 12 May 2012 13:32:55 +0100 with message-id <dda96cc3369bdcdc1a3cdf68c2fc2f56@mail.adsl.funky-badger.org> and subject line Closing requests for packages included in 6.0.5 has caused the Debian Bug report #668456, regarding pu: package wicd/1.7.0+ds1-5+squeeze2 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

-- 
668456: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668456
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pu: package wicd/1.7.0+ds1-5+squeeze1
- From: David Paleino <dapal@debian.org>
- Date: Thu, 12 Apr 2012 00:31:48 +0200
- Message-id: <20120412003148.629ae99f@local>
- Reply-to: dapal@debian.org
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

Hello RT,

I'm hereby requesting permission to upload a fix for wicd to p-u, bug #668397 (CCed), CVE-2012-2095. "git diff" attached.

The patch for stable is slightly different from the one just pushed in unstable: namely, it needed an additional "has_profile", which was used in pre-1.7.1 versions.

Thanks for your work,
David

-- 
 . ''`.  Debian developer | http://wiki.debian.org/DavidPaleino
 : :'  : Linuxer #334216 --|-- http://www.hanskalabs.net/
 `. `'`  GPG: 1392B174 ----|---- http://deb.li/dapal
   `-   2BAB C625 4E66 E7B8 450A C3E1 E6AA 9017 1392 B174

diff --git a/debian/changelog b/debian/changelog index 8a20bc0..21cd923 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +wicd (1.7.0+ds1-5+squeeze1) UNRELEASED; urgency=low + + * debian/patches/: + - fix local privilege escalation, CVE-2012-2095 + (31-fix_local_privilege_escalation.patch) (Closes: #668397) + + -- David Paleino <dapal@debian.org> Thu, 12 Apr 2012 00:19:08 +0200 + wicd (1.7.0+ds1-5) unstable; urgency=medium * debian/patches/series: diff --git a/debian/patches/31-fix_local_privilege_escalation.patch b/debian/patches/31-fix_local_privilege_escalation.patch new file mode 100644 index 0000000..819eb20 --- /dev/null +++ b/debian/patches/31-fix_local_privilege_escalation.patch 
@@ -0,0 +1,99 @@ +From: David Paleino <d.paleino@gmail.com> +Subject: fix local privilege escalation, CVE-2012-2095 +Origin: upstream, http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751 + +--- + wicd/wicd-daemon.py | 58 ++++++++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 50 insertions(+), 8 deletions(-) + +--- wicd.orig/wicd/wicd-daemon.py ++++ wicd/wicd/wicd-daemon.py +@@ -980,6 +980,28 @@ class WirelessDaemon(dbus.service.Object + "wireless-settings.conf"), + debug=debug) + ++ self._validProperties = ( ++ 'bssid', ++ 'essid', ++ 'hidden', ++ 'channel', ++ 'mode', ++ 'enctype', ++ 'encryption_method', ++ 'key', ++ 'automatic', ++ 'ip', ++ 'netmask', ++ 'broadcast', ++ 'gateway', ++ 'use_static_dns', ++ 'use_global_dns', ++ 'dns1', ++ 'dns2', ++ 'dns3', ++ 'use_settings_globally', ++ ) ++ + def get_debug_mode(self): + return self._debug_mode + def set_debug_mode(self, mode): +@@ -1088,9 +1110,9 @@ class WirelessDaemon(dbus.service.Object + def SetWirelessProperty(self, netid, prop, value): + """ Sets property to value in network specified. """ + # We don't write script settings here. +- if (prop.strip()).endswith("script"): +- print "Setting script properties through the daemon is not" \ +- + " permitted." ++ if prop.strip() not in self._validProperties: ++ print "Trying to set invalid property (or property not " \ ++ "permitted): "+ prop.strip() + "." 
+ return False + self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value)) + +@@ -1367,6 +1389,26 @@ class WiredDaemon(dbus.service.Object): + "wired-settings.conf"), + debug=debug) + ++ self._validProperties = ( ++ 'ip', ++ 'broadcast', ++ 'netmask', ++ 'gateway', ++ 'search_domain', ++ 'dns_domain', ++ 'dns1', ++ 'dns2', ++ 'dns3', ++ 'encryption_enabled', ++ 'default', ++ 'dhcphostname', ++ 'lastused', ++ 'profilename', ++ 'use_global_dns', ++ 'use_static_dns', ++ 'has_profile', ++ ) ++ + def get_debug_mode(self): + return self._debug_mode + def set_debug_mode(self, mode): +@@ -1407,14 +1449,14 @@ class WiredDaemon(dbus.service.Object): + return str(iface) + + @dbus.service.method('org.wicd.daemon.wired') +- def SetWiredProperty(self, property, value): ++ def SetWiredProperty(self, prop, value): + """ Sets the given property to the given value. """ + if self.WiredNetwork: +- if (property.strip()).endswith("script"): +- print "Setting script properties through the daemon" \ +- + " is not permitted." ++ if prop.strip() not in self._validProperties: ++ print "Trying to set invalid property (or property not " \ ++ "permitted): "+ prop.strip() + "." + return False +- self.WiredNetwork[property] = misc.to_unicode(misc.Noneify(value)) ++ self.WiredNetwork[prop] = misc.to_unicode(misc.Noneify(value)) + return True + else: + print 'SetWiredProperty: WiredNetwork does not exist' diff --git a/debian/patches/series b/debian/patches/series index f813495..d46fe16 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -21,3 +21,4 @@ 28-announce_dhclient.conf.template.patch 29-document_variables_passed_to_scripts.patch 30-make_connection_info_selectable.patch +31-fix_local_privilege_escalation.patchAttachment: signature.asc
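Review bot: the debian/changelog hunk still carries `UNRELEASED` as the distribution for `wicd (1.7.0+ds1-5+squeeze1)`; it has to read `stable` before the p-u upload is built, or the upload will not be accepted for the point release. The version in this entry is also `+squeeze1` while the bug was later retitled to `+squeeze2`, so the entry will need regenerating if the version bump is kept.

Review bot: the DEP-3 header of 31-fix_local_privilege_escalation.patch has `From`, `Subject` and `Origin` but no bug reference; adding `Bug-Debian: http://bugs.debian.org/668397` keeps the patch file itself linked to the report, since the `Closes: #668397` only lives in the changelog.

Review bot: in the `SetWirelessProperty` hunk the allowlist test runs on `prop.strip()` but the assignment that follows uses the unstripped name (`self.LastScan[netid][prop] = misc.to_unicode(misc.Noneify(value))`), so the key that gets validated and the key that gets stored can differ by surrounding whitespace. Normalise once at the top of the method (`prop = prop.strip()`) and use that value for both the membership check and the assignment. Replacing the `endswith("script")` denylist with an explicit `_validProperties` allowlist is the right shape for this fix, because every name outside the list is now refused rather than only names ending in `script`; a class-level `frozenset` would make the list easier to audit than a per-instance tuple rebuilt in `__init__`.

Review bot: the `SetWiredProperty` hunk has the same mismatch: the check is on `prop.strip()` while `self.WiredNetwork[prop] = ...` stores under the raw name, so apply the same single `prop = prop.strip()` normalisation before both uses. Renaming the parameter from `property` to `prop` is welcome on its own, as `property` shadowed the Python builtin.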
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: <623148-done@bugs.debian.org>, <657722-done@bugs.debian.org>, <658424-done@bugs.debian.org>, <660693-done@bugs.debian.org>, <661473-done@bugs.debian.org>, <661652-done@bugs.debian.org>, <663104-done@bugs.debian.org>, <664567-done@bugs.debian.org>, <666001-done@bugs.debian.org>, <666222-done@bugs.debian.org>, <666687-done@bugs.debian.org>, <668456-done@bugs.debian.org>, <670730-done@bugs.debian.org>, <671449-done@bugs.debian.org>
- Subject: Closing requests for packages included in 6.0.5
- From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Date: Sat, 12 May 2012 13:32:55 +0100
- Message-id: <dda96cc3369bdcdc1a3cdf68c2fc2f56@mail.adsl.funky-badger.org>
Version: 6.0.5

Hi,

All of the packages referenced by the closed bugs were included in the 6.0.5 point release which occurred today.

Regards,

Adam
--- End Message ---