Wicd: Multiple vulnerabilities
Multiple vulnerabilities have been found in Wicd, the worst of
which might allow execution of arbitrary code as root.
wicd
2012-06-21
2012-06-21
401005
411729
local
1.7.2.1
1.7.2.1
Wicd is an open source wired and wireless network manager for Linux.
Two vulnerabilities have been found in Wicd:
- Passwords and passphrases are written to /var/log/wicd
(CVE-2012-0813).
- Input from the daemon's D-Bus interface is not properly sanitized
(CVE-2012-2095).
A local attacker could gain privileges of the root user or obtain
sensitive information.
There is no known workaround at this time.
All Wicd users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/wicd-1.7.2.1"
CVE-2012-0813
CVE-2012-2095
underling
ackle