Gentoo Logo

Wicd: Information disclosure

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200904-12 / wicd
Release Date April 10, 2009
Latest Revision April 10, 2009: 01
Impact normal
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/wicd < 1.5.9 >= 1.5.9 All supported architectures

Related bugreports: #258596

Synopsis

A vulnerability in Wicd may allow for disclosure of sensitive information.

2.  Impact Information

Background

Wicd is an open source wired and wireless network manager for Linux.

Description

Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object.

Impact

A local attacker could exploit this vulnerability to receive messages that were intended for the Wicd daemon, possibly including credentials e.g. for wireless networks.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Wicd users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9"

4.  References

Print

Page updated April 10, 2009

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.