发布日期:2012-02-29
更新日期:2012-03-05
受影响系统:
GNOME NetworkManager 0.9
GNOME NetworkManager 0.7
GNOME NetworkManager 0.6
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 52206
GNOME NetworkManager可提供系统总线上的接口。
GNOME NetworkManager在实现上存在本地任意文件访问漏洞,本地攻击者可利用此漏洞读取任意文件。
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Ludwig ()提供了如下测试方法:
#!/usr/bin/Python
#
# Copyright (C) 2011 SUSE LINUX Products GmbH
#
# Author: Ludwig Nussel
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
import gobject
import dbus
import dbus.service
import dbus.mainloop.glib
import os
import subprocess
def N_(x): return x
_debug_level = 0
def debug(level, msg):
if (level <= _debug_level):
print '<%d>'%level, msg
class NetworkManager(gobject.GObject):
NM_STATE = {
0: 'UNKNOWN',
10: 'UNMANAGED',
20: 'UNAVAILABLE',
30: 'DISCONNECTED',
40: 'PREPARE',
50: 'CONFIG',
60: 'NEED_AUTH',
70: 'IP_CONFIG',
80: 'IP_CHECK',
90: 'SECONDARIES',
100: 'ACTIVATED',
110: 'DEACTIVATING',
120: 'FAILED',
}
NM_DEVICE_TYPE = {
0: 'NM_DEVICE_TYPE_UNKNOWN', # The device type is unknown.
1: 'NM_DEVICE_TYPE_ETHERNET', # The device is wired Ethernet device.
2: 'NM_DEVICE_TYPE_WIFI', # The device is an 802.11 WiFi device.
3: 'NM_DEVICE_TYPE_UNUSED1', # Unused
4: 'NM_DEVICE_TYPE_UNUSED2', # Unused
5: 'NM_DEVICE_TYPE_BT', # The device is Bluetooth device that provides PAN or DUN capabilities.
6: 'NM_DEVICE_TYPE_OLPC_MESH', # The device is an OLPC mesh networking device.
7: 'NM_DEVICE_TYPE_WIMAX', # The device is an 802.16e Mobile WiMAX device.
8: 'NM_DEVICE_TYPE_MODEM', # The device is a modem supporting one or more of analog telephone, CDMA/EVDO, GSM/UMTS/HSPA, or LTE standards to access a cellular or wireline data network.
}
NM_802_11_AP_SEC = {
'NM_802_11_AP_SEC_NONE': 0x0, # Null flag.
'NM_802_11_AP_SEC_PAIR_WEP40': 0x1, # Access point supports pairwise 40-bit WEP encryption.
'NM_802_11_AP_SEC_PAIR_WEP104': 0x2, # Access point supports pairwise 104-bit WEP encryption.
'NM_802_11_AP_SEC_PAIR_TKIP': 0x4, # Access point supports pairwise TKIP encryption.
'NM_802_11_AP_SEC_PAIR_CCMP': 0x8, # Access point supports pairwise CCMP encryption.
'NM_802_11_AP_SEC_GROUP_WEP40': 0x10, # Access point supports a group 40-bit WEP cipher.
'NM_802_11_AP_SEC_GROUP_WEP104': 0x20, # Access point supports a group 104-bit WEP cipher.
'NM_802_11_AP_SEC_GROUP_TKIP': 0x40, # Access point supports a group TKIP cipher.
'NM_802_11_AP_SEC_GROUP_CCMP': 0x80, # Access point supports a group CCMP cipher.
'NM_802_11_AP_SEC_KEY_MGMT_PSK': 0x100, # Access point supports PSK key management.
'NM_802_11_AP_SEC_KEY_MGMT_802_1X': 0x200, # Access point supports 802.1x key management.
}