touch-packages team mailing list archive

[Bug 1449245] Re: com.canonical.NMOfono.ReadImsiContexts privilege escalation

 

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1449245

Title:
  com.canonical.NMOfono.ReadImsiContexts privilege escalation

Status in network-manager package in Ubuntu:
  Fix Released
Status in network-manager source package in Trusty:
  Fix Released
Status in network-manager source package in Utopic:
  Fix Released
Status in network-manager source package in Vivid:
  Fix Released

Bug description:
  Tavis Ormandy reports the following:

  Apparently you're not happy with me for discussing local privilege
  escalation on oss-security, so as you requested, here's what appears
  to be a problem in Ubuntu-specific code.

  I thought I'd take a quick look at D-Bus services you add in Ubuntu
  after the usb-creator bug, this one jumps out at me as incorrect:

  http://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono_settings_support.patch#L718

  Untested, but that really looks like you can call
  com.canonical.NMOfono.ReadImsiContexts(imsi:"../../../tmp/whatever"),
  and supply one of those glib keyfiles (I guess you just need to call
  it "gprs")?

  Tavis.
