Possible wcid vulnrability

[toothandnail]

Don't know if others have seen this: http://www.theregister.co.uk/2012/04/12 ... inux_0day/

Looks as though wcid may have a problem, though it isn't clear how much of a problem it is. Are there plans to get the patched version into Salix?

Paul.

[JRD]

Yes it affects Salix. We will release a upgrade of the wicd package very soon.

The patch to apply to your wicd source if you do not want to wait :
http://bugs.debian.org/cgi-bin/bugrepor ... bug=668397
http://bazaar.launchpad.net/~wicd-devel ... vision/751

[Adys]

FWIW,

wicd 1.7 launchpad revision 756, latest version is 1.7.2.1. (and some bug report was already filed after that release about slackware64 among others, but it is not yet confirmed).

BTW, for the future 1.7.3,

Code: Select all

https://launchpad.net/wicd/+milestone/1.7.3

The WICD GTK client should be ported to GTK-3 and GObject introspection.
Possibly, it should be made so it supports both versions of GTK.

[JRD]

That's why I said to apply just this patches.
Wicd is in python, so no need to recompile anything, it could be applied easily.

[gapan]

Yes, the vulnerability is there. But it's only local, which means someone has to have physical access to your PC in order to exploit it. In addition, the wicd devs haven't really settled on a fix yet. Until now, they have released version 1.7.2 with a fix for this exploit, then released 1.7.2.1 for fixing a utf8 bug in wicd-curses, then released 1.7.2.2 because 1.7.2 and 1.7.2.1 were broken because of the security fix and they just released 1.7.2.3 with the comment in the changelog being "Fix 1.7.2.2 brokenness". All these within 10 days. I wouldn't bet that there won't be yet another fix for further breakage very soon. So between a functioning version with a known local exploit and a broken version without the local exploit, for now I choose the former. We may upgrade if they settle on a fix that doesn't break anything else.

[GJones]

Local vulnerabilities can still be serious, IMO. See for instance Stuxnet, which followed up an arbitrary code execution exploit with a local privilege elevation one to root a Windows machine from an infected USB stick. User browses through contents of USB stick, Explorer renders the malicious LNK file and executes the payload -> bam, compromised. Not likely for anything like that to happen on Linux (yet), but I think my point still stands.

[Shador]

Nobodies saying it's not serious. Just a lot less serious than a remote exploit with such possibilities would be. Anyway, if a supposed fix is just creating more problems there's not much use in it.

[gapan]

If you haven't noticed, slackware pushed an upgrade some days ago, to version 1.7.2.1.