Posted: Fri Apr 10, 2009 3:26 pm Post subject: [ GLSA 200904-12 ] Wicd: Information disclosure
Gentoo Linux Security Advisory
Title: Wicd: Information disclosure (GLSA 200904-12)
Date: April 10, 2009
A vulnerability in Wicd may allow for disclosure of sensitive information.
Wicd is an open source wired and wireless network manager for Linux.
Vulnerable: < 1.5.9
Unaffected: >= 1.5.9
Architectures: All supported architectures
Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object.
A local attacker could exploit this vulnerability to receive messages that were intended for the Wicd daemon, possibly including credentials, e.g. for wireless networks.
There is no known workaround at this time.
All Wicd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9"
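
An added example, not part of the advisory or of Wicd's code: a short Python audit that reports whether a D-Bus policy file lets arbitrary users own a given bus name, the misconfiguration described above. The two policy snippets are constructed samples and the function name is hypothetical; the check looks only at context="default" rules and assumes the bus denies ownership when no rule matches.

```python
import xml.etree.ElementTree as ET

# Constructed sample: any user may claim the daemon's bus name.
WEAK_POLICY = """<busconfig>
  <policy user="root">
    <allow own="org.wicd.daemon"/>
  </policy>
  <policy context="default">
    <allow own="org.wicd.daemon"/>
    <allow send_destination="org.wicd.daemon"/>
  </policy>
</busconfig>"""

# Constructed sample: only root may own the name; others may still call it.
FIXED_POLICY = """<busconfig>
  <policy user="root">
    <allow own="org.wicd.daemon"/>
  </policy>
  <policy context="default">
    <deny own="org.wicd.daemon"/>
    <allow send_destination="org.wicd.daemon"/>
  </policy>
</busconfig>"""


def default_can_own(policy_xml, bus_name):
    """Return True if context="default" rules let any user own bus_name."""
    allowed = False  # assumption: no matching rule means ownership is denied
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        if policy.get("context") != "default":
            continue  # user=/group= policies apply to specific principals
        for rule in policy:
            if rule.tag not in ("allow", "deny"):
                continue
            name, prefix = rule.get("own"), rule.get("own_prefix")
            # own_prefix="a.b" covers "a.b" and "a.b.c", but not "a.bc".
            if name in (bus_name, "*") or (
                prefix and (bus_name + ".").startswith(prefix + ".")
            ):
                allowed = rule.tag == "allow"  # last matching rule wins
    return allowed


if __name__ == "__main__":
    for label, xml in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, default_can_own(xml, "org.wicd.daemon"))
```

To audit an installed system, pass the text of each policy file under the D-Bus system configuration directory to the function, together with the bus name that file's service is meant to own.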