Package: wicd-daemon Version: 1.7.2.4-4.1 Severity: normal The contents of my /var/log/wicd directory:
-rw-r----- 1 root adm 301595 2013-12-28 22:27:16 wicd.log -rw-r----- 1 root adm 369856 2013-12-20 11:14:01 wicd.log.1 -rw-rw-rw- 1 root root 810018 2013-12-17 20:30:49 wicd.log.2 -rw-rw-rw- 1 root root 6945574 2013-12-20 11:03:16 wicd.log.3 Some log files are writable by everyone. After some thoughts, I don't think there is a security problem, because these are just "archived" log data, and looking at the buggy permissions, the admin knows that they aren't reliable. The mtime values are also strange: wicd.log.3 have been older than wicd.log.2! /var/log/wicd/wicd.log.3 starts with: 2013/12/06 10:02:11 :: and ends with: 2013/12/12 02:56:33 :: Unable to autoconnect, you'll have to manually connecttling autoreconnect then lots of "Throttling autoreconnect" and "Starting automatic reconnect process" lines. /var/log/wicd/wicd.log.2 starts with: 2013/12/12 02:56:33 :: and ends with: 2013/12/17 20:30:49 :: No wired connection present, attempting to autoconnect to wireless network /var/log/wicd/wicd.log.1 starts with: 2013/12/17 20:30:49 :: and ends with: 2013/12/20 11:14:01 :: --------------------------- -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores) Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages wicd-daemon depends on: ii adduser 3.113+nmu3 ii dbus 1.6.18-2 ii debconf 1.5.52 ii ethtool 1:3.11-1 ii iproute 1:3.12.0-1 ii iputils-ping 3:20121221-4 ii isc-dhcp-client 4.2.4-7 ii lsb-base 4.1+Debian12 ii net-tools 1.60-25 ii psmisc 22.20-1 ii python 2.7.5-5 ii python-dbus 1.2.0-2+b1 ii python-gobject 3.10.2-1 ii python-wicd 1.7.2.4-4.1 ii wireless-tools 30~pre9-8 ii wpasupplicant 1.0-3.1 Versions of packages wicd-daemon recommends: ii rfkill 0.5-1 ii wicd-gtk [wicd-client] 1.7.2.4-4.1 Versions of packages wicd-daemon suggests: ii pm-utils 1.4.1-13 Versions of packages wicd depends on: ii wicd-gtk [wicd-client] 1.7.2.4-4.1 Versions of packages wicd-gtk depends on: ii python 2.7.5-5 ii python-glade2 2.24.0-3+b1 ii python-gtk2 2.24.0-3+b1 Versions of packages wicd-gtk recommends: ii gksu 2.0.2-6 ii python-notify 0.1.1-3 Versions of packages python-wicd depends on: ii python 2.7.5-5 -- Configuration Files: /etc/wicd/encryption/templates/active changed: wpa wpa-peap wpa-psk wpa2-leap wpa2-peap wep-hex wep-passphrase wep-shared leap ttls eap peap-eduroam peap peap-tkip eap-tls psu -- debconf information: * wicd/users: vinc17 * wicd/users: vinc17 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
