wicd writes sensitive information in log files (password, passphrase...)
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| wicd (Debian) |
Fix Released
|
Unknown
|
|||
| wicd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Lucid |
Fix Released
|
Undecided
|
Unassigned | ||
| Natty |
Fix Released
|
Undecided
|
Unassigned | ||
| Oneiric |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Imported from Debian bug http://
Package: wicd
Version: 1.7.1~b3-3
Severity: grave
Tags: security
Justification: user security hole
wicd writes sensitive information in log files (under /var/log/wicd),
such as passwords and passphrases. Users in the adm group can have
access to them, but also log files are meant to be sent in bug
reports, and if the bug reporter doesn't pay attention, there is
a huge risk to transmit such information.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=
Shell: /bin/sh linked to /bin/dash
Versions of packages wicd depends on:
ii wicd-daemon 1.7.1~b3-3
ii wicd-gtk [wicd-client] 1.7.1~b3-3
wicd recommends no packages.
wicd suggests no packages.
Versions of packages wicd-gtk depends on:
ii python 2.7.2-9
ii python-glade2 2.24.0-2
ii python-gtk2 2.24.0-2
ii wicd-daemon 1.7.1~b3-3
Versions of packages wicd-gtk recommends:
ii gksu 2.0.2-6
ii python-notify 0.1.1-3
Versions of packages wicd-daemon depends on:
ii adduser 3.113
ii dbus 1.4.16-1
ii debconf 1.5.41
ii ethtool 1:3.1-1
ii iproute 20111117-1
ii iputils-ping 3:20101006-1+b1
ii isc-dhcp-client [dhcp3-client] 4.1.1-P1-17
ii lsb-base 3.2-28
ii net-tools 1.60-24.1
ii psmisc 22.14-1
ii python 2.7.2-9
ii python-dbus 0.84.0-2
ii python-gobject 3.0.3-1
ii python-wicd 1.7.1~b3-3
ii wireless-tools 30~pre9-7
ii wpasupplicant 0.7.3-5
Versions of packages wicd-daemon recommends:
ii wicd-gtk [wicd-client] 1.7.1~b3-3
Versions of packages wicd-daemon suggests:
ii pm-utils 1.4.1-8
Versions of packages python-wicd depends on:
ii python 2.7.2-9
ii python2.6 2.6.7-4
ii python2.7 2.7.2-8
-- debconf information:
* wicd/users: vinc17
* wicd/users: vinc17
Related branches
- Ubuntu branches: Pending requested
-
Diff: 155 lines (+118/-1)5 files modifieddebian/changelog (+19/-0)
debian/control (+2/-1)
debian/patches/36-fix_local_privilege_escalation.patch (+73/-0)
debian/patches/37-mask-sensitive-info-from-log.patch (+22/-0)
debian/patches/series (+2/-0)
- Ubuntu branches: Pending requested
-
Diff: 155 lines (+118/-1)5 files modifieddebian/changelog (+19/-0)
debian/control (+2/-1)
debian/patches/36-fix_local_privilege_escalation.patch (+73/-0)
debian/patches/37-mask-sensitive-info-from-log.patch (+22/-0)
debian/patches/series (+2/-0)
- Ubuntu Development Team: Pending requested
-
Diff: 155 lines (+118/-1)5 files modifieddebian/changelog (+19/-0)
debian/control (+2/-1)
debian/patches/23-fix_local_privilege_escalation.patch (+73/-0)
debian/patches/24-mask-sensitive-info-from-log.patch (+22/-0)
debian/patches/series (+2/-0)
| Changed in wicd (Ubuntu): | |
| status: | New → Fix Released |
| Changed in wicd (Debian): | |
| importance: | Undecided → Unknown |
| status: | New → Fix Released |
| Tyler Hicks (tyhicks) wrote | #1 |
| Changed in wicd (Ubuntu Lucid): | |
| status: | New → Confirmed |
| Changed in wicd (Ubuntu Natty): | |
| status: | New → Confirmed |
| Changed in wicd (Ubuntu Oneiric): | |
| status: | New → Confirmed |
| Launchpad Janitor (janitor) wrote | #2 |
| Launchpad Janitor (janitor) wrote | #3 |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in wicd (Ubuntu Lucid): | |
| status: | Confirmed → Fix Released |
| Changed in wicd (Ubuntu Natty): | |
| status: | Confirmed → Fix Released |
| Changed in wicd (Ubuntu Oneiric): | |
| status: | Confirmed → Fix Released |
jtaylor's branches look good. Packages are building and should be released soon.