Gentoo Logo

Wicd: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201206-08 / wicd
Release Date June 21, 2012
Latest Revision June 21, 2012: 1
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/wicd < >= All supported architectures

Related bugreports: #401005, #411729


Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root.

2.  Impact Information


Wicd is an open source wired and wireless network manager for Linux.


Two vulnerabilities have been found in Wicd:

  • Passwords and passphrases are written to /var/log/wicd (CVE-2012-0813).
  • Input from the daemon's D-Bus interface is not properly sanitized (CVE-2012-2095).


A local attacker could gain privileges of the root user or obtain sensitive information.

3.  Resolution Information


There is no known workaround at this time.


All Wicd users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/wicd-"

4.  References


Page updated June 21, 2012

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2015 Gentoo Foundation, Inc. Questions, Comments? Contact us.