GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Fri Apr 10, 2009 3:26 pm Post subject: [ GLSA 200904-12 ] Wicd: Information disclosure |
|
|
Gentoo Linux Security Advisory
Title: Wicd: Information disclosure (GLSA 200904-12)
Severity: normal
Exploitable: local
Date: April 10, 2009
Bug(s): #258596
ID: 200904-12
Synopsis
A vulnerability in Wicd may allow for disclosure of sensitive information.
Background
Wicd is an open source wired and wireless network manager for Linux.
Affected Packages
Package: net-misc/wicd
Vulnerable: < 1.5.9
Unaffected: >= 1.5.9
Architectures: All supported architectures
Description
Tiziano Mueller of Gentoo discovered that the DBus configuration file
for Wicd allows arbitrary users to own the org.wicd.daemon object.
Impact
A local attacker could exploit this vulnerability to receive messages
that were intended for the Wicd daemon, possibly including credentials
e.g. for wireless networks.
Workaround
There is no known workaround at this time.
Resolution
All Wicd users should upgrade to the latest version:
Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9" |
References
CVE-2009-0489
Last edited by GLSA on Sun Nov 16, 2014 4:28 am; edited 2 times in total |
|