Wicd: Information disclosure — GLSA 200904-12

A vulnerability in Wicd may allow for disclosure of sensitive information.

Affected packages

net-misc/wicd on all architectures
Affected versions < 1.5.9
Unaffected versions >= 1.5.9

Background

Wicd is an open source wired and wireless network manager for Linux.

Description

Tiziano Mueller of Gentoo discovered that the DBus configuration file for Wicd allows arbitrary users to own the org.wicd.daemon object.

Impact

A local attacker could exploit this vulnerability to receive messages that were intended for the Wicd daemon, possibly including credentials e.g. for wireless networks.

Workaround

There is no known workaround at this time.

Resolution

All Wicd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/wicd-1.5.9"

References

Release date
April 10, 2009

Latest revision
April 10, 2009: 01

Severity
normal

Exploitable
local

Bugzilla entries