blob: 6af7ae73aa0409ddf23a24c6358a24fe35f74546 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200904-12">
<title>Wicd: Information disclosure</title>
A vulnerability in Wicd may allow for disclosure of sensitive information.
<product type="ebuild">wicd</product>
<announced>April 10, 2009</announced>
<revised>April 10, 2009: 01</revised>
<package name="net-misc/wicd" auto="yes" arch="*">
<unaffected range="ge">1.5.9</unaffected>
<vulnerable range="lt">1.5.9</vulnerable>
Wicd is an open source wired and wireless network manager for Linux.
Tiziano Mueller of Gentoo discovered that the DBus configuration file
for Wicd allows arbitrary users to own the org.wicd.daemon object.
<impact type="normal">
A local attacker could exploit this vulnerability to receive messages
that were intended for the Wicd daemon, possibly including credentials
e.g. for wireless networks.
There is no known workaround at this time.
All Wicd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=net-misc/wicd-1.5.9&quot;</code>
<uri link="">CVE-2009-0489</uri>
<metadata tag="requester" timestamp="Wed, 08 Apr 2009 22:52:50 +0000">
<metadata tag="submitter" timestamp="Thu, 09 Apr 2009 11:29:45 +0000">
<metadata tag="bugReady" timestamp="Thu, 09 Apr 2009 21:59:43 +0000">