This bug was fixed in the package network-manager-applet - 0.9.4.1-0ubuntu2.6
--------------- network-manager-applet (0.9.4.1-0ubuntu2.6) precise-security; urgency=medium * SECURITY UPDATE: file access from login screen (LP: #1668321) - debian/patches/applet-Check-the-user-has-permission-to-modify-befor.patch: check permissions before showing dialog in src/applet-device-wifi.c. - No CVE number -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Mon, 06 Mar 2017 11:26:10 -0500 ** Changed in: network-manager-applet (Ubuntu Precise) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1668321 Title: Vulnerability allows read/write/exec access on Ubuntu 16.04 Screenlock as lightdm user Status in network-manager-applet package in Ubuntu: Confirmed Status in network-manager-applet source package in Precise: Fix Released Status in network-manager-applet source package in Trusty: Fix Released Status in network-manager-applet source package in Xenial: Fix Released Status in network-manager-applet source package in Yakkety: Fix Released Status in network-manager-applet source package in Zesty: Confirmed Bug description: Hi, We just found a vulnerability in lightdm who could lead us to read files with lightdm permissions, an also write in some directories. We were able to download a reverse_shell payload and execute it in order to gain a reverse shell as lightdm on a remote system. The exploitation require a physical access to the locked computeur and the Wi-fi must be turned on. A access point who let you use a certificate to log-in is required as well but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. We also can open some application such as Firefox which is useful to download malicious binaries :-) See this video for the PoC : https://www.youtube.com/watch?v=Fp2lwRVg0l0 --------- Some info about the Ubuntu version I used on the video above : $ lsb_release -rd Description: Ubuntu 16.04.2 LTS Release: 16.04 $ apt-cache policy lightdm lightdm: Installé : 1.18.3-0ubuntu1 Candidat : 1.18.3-0ubuntu1 Table de version : *** 1.18.3-0ubuntu1 500 500 http://fr.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.18.1-0ubuntu1 500 500 http://fr.archive.ubuntu.com/ubuntu xenial/main amd64 Packages ---------------- I let you time for correction before publishing the discovery. If you have any question please let me know! Regards, Quentin Biguenet -- Orange Cyber-Defense quentin.bigue...@orange.com To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp