Gentoo Logo

Wicd: Multiple vulnerabilities

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 201206-08 / wicd
Release Date June 21, 2012
Latest Revision June 21, 2012: 1
Impact high
Exploitable local
Package Vulnerable versions Unaffected versions Architecture(s)
net-misc/wicd < 1.7.2.1 >= 1.7.2.1 All supported architectures

Related bugreports: #401005, #411729

Synopsis

Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root.

2.  Impact Information

Background

Wicd is an open source wired and wireless network manager for Linux.

Description

Two vulnerabilities have been found in Wicd:

  • Passwords and passphrases are written to /var/log/wicd (CVE-2012-0813).
  • Input from the daemon's D-Bus interface is not properly sanitized (CVE-2012-2095).

Impact

A local attacker could gain privileges of the root user or obtain sensitive information.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Wicd users should upgrade to the latest version:

Code Listing 3.1: Resolution

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.7.2.1"

4.  References



Print

Page updated June 21, 2012

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.