Wicd: Multiple vulnerabilities — GLSA 201206-08

Multiple vulnerabilities have been found in Wicd, the worst of which might allow execution of arbitrary code as root.

Affected packages

net-misc/wicd on all architectures
Affected versions < 1.7.2.1
Unaffected versions >= 1.7.2.1

Background

Wicd is an open source wired and wireless network manager for Linux.

Description

Two vulnerabilities have been found in Wicd:

  • Passwords and passphrases are written to /var/log/wicd (CVE-2012-0813).
  • Input from the daemon's D-Bus interface is not properly sanitized (CVE-2012-2095).

Impact

A local attacker could gain privileges of the root user or obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All Wicd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.7.2.1"
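
A check to run around the upgrade, as an added example that is not part of the advisory: it compares installed net-misc/wicd versions from the Portage package database against the fixed version 1.7.2.1 and lists files under /var/log/wicd that every local user can read, since affected versions wrote passphrases there. `VDB` and `LOGPATH` are hypothetical override variables, and the version comparison is a simplified stand-in for Portage's own ordering.

```shell
# Added example, not from GLSA 201206-08. VDB and LOGPATH are hypothetical
# overrides; defaults are the Portage package DB and the advisory's log path.
FIXED=1.7.2.1   # first unaffected version, from the advisory

# Return 0 if dotted numeric version $1 is strictly lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# Return 0 if a Portage version string falls in the affected range (< FIXED).
wicd_is_affected() {
    base=${1%%[-_]*}        # drop -rN revisions and _rc/_beta/_p suffixes
    version_lt "$base" "$FIXED" && return 0
    # Pre-releases of the fixed version sort before it, so they count as affected.
    case $1 in
        "$FIXED"_alpha*|"$FIXED"_beta*|"$FIXED"_pre*|"$FIXED"_rc*) return 0 ;;
    esac
    return 1
}

# Print log files under $1 that any local user can read (o+r set).
readable_logs() {
    [ -e "$1" ] || return 0
    find "$1" -type f -perm -004 2>/dev/null
}

wicd_audit() {
    for d in "${VDB:-/var/db/pkg}"/net-misc/wicd-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/wicd-}
        if wicd_is_affected "$v"; then
            echo "wicd $v: AFFECTED, upgrade to >= $FIXED"
        else
            echo "wicd $v: not affected"
        fi
    done
    readable_logs "${LOGPATH:-/var/log/wicd}" | sed 's/^/readable by all users: /'
}

wicd_audit
```

Any file it lists may hold credentials logged before the upgrade, so restrict its permissions and change the passphrases it could have exposed.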
 

References

Release date
June 21, 2012

Latest revision
June 21, 2012: 1

Severity
high

Exploitable
local

Bugzilla entries