A vulnerability in Wicd may allow for disclosure of sensitive information.
|Package||net-misc/wicd on all architectures|
|Affected versions||< 1.5.9|
|Unaffected versions||>= 1.5.9|
Wicd is an open source wired and wireless network manager for Linux.
Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object.
A local attacker could exploit this vulnerability to receive messages that were intended for the Wicd daemon, possibly including credentials e.g. for wireless networks.
There is no known workaround at this time.
All Wicd users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9"
April 10, 2009
April 10, 2009: 01