Vulnerability Name:
CVE-2012-0813 (CCN-72759)
Assigned:
2011-12-17
Published:
2011-12-17
Updated:
2012-08-01
Summary:
Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.
CVSS v3 Severity:
4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None
CVSS v2 Severity:
2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availability (A):
None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availability (A):
None
Vulnerability Type:
CWE-255
Vulnerability Consequences:
Obtain Information
References:
Source: MISC
Type: UNKNOWN
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
Source: CCN
Type: Wicd Bazaar Repository
~wicd-devel/wicd/trunk : revision 222
Source: CCN
Type: Debian Bug report logs - #652417
wicd writes sensitive information in log files (password, passphrase...)
Source: MISC
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
Source: MITRE
Type: CNA
CVE-2012-0813
Source: SECUNIA
Type: Vendor Advisory
49657
Source: GENTOO
Type: UNKNOWN
GLSA-201206-08
Source: CCN
Type: Wicd Web site
Wicd
Source: MLIST
Type: UNKNOWN
[oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...)
Source: MLIST
Type: UNKNOWN
[oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)
Source: CCN
Type: OSVDB ID: 78881
wicd /var/log/wicd Log File Password Disclosure
Source: BID
Type: UNKNOWN
51703
Source: CCN
Type: BID-51703
Wicd 'wicd/configmanager.py' Local Information Disclosure Vulnerability
Source: XF
Type: UNKNOWN
wicd-configmanager-info-disc(72759)
Source: CONFIRM
Type: UNKNOWN
https://launchpad.net/wicd/+announcement/9570
Vulnerable Configuration:
Configuration 1:
cpe:/a:david_paleino:wicd:1.2.7:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.3.1:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.4.0:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.4.1:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.4.2:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.0:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.1:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.2:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.3:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.4:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.5:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.6:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.7:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.8:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.5.9:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.6.0:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.6.2:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.7.0:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:1.7.1:*:*:*:*:*:*:*
OR
cpe:/a:david_paleino:wicd:*:beta3:*:*:*:*:*:*
(Version <= 1.7.1)
OR
cpe:/a:david_paleino:wicd:1.7.2:*:*:*:*:*:*:*
Oval Definitions:
Definition ID:
oval:com.ubuntu.precise:def:20120813000
Class:
V
Title:
CVE-2012-0813 on Ubuntu 12.04 LTS (precise) - low.
Last Modified:
2012-06-29
david_paleino wicd 1.2.7
david_paleino wicd 1.3.1
david_paleino wicd 1.4.0
david_paleino wicd 1.4.1
david_paleino wicd 1.4.2
david_paleino wicd 1.5.0
david_paleino wicd 1.5.1
david_paleino wicd 1.5.2
david_paleino wicd 1.5.3
david_paleino wicd 1.5.4
david_paleino wicd 1.5.5
david_paleino wicd 1.5.6
david_paleino wicd 1.5.7
david_paleino wicd 1.5.8
david_paleino wicd 1.5.9
david_paleino wicd 1.6.0
david_paleino wicd 1.6.2
david_paleino wicd 1.7.0
david_paleino wicd 1.7.1
david_paleino wicd * beta3
david_paleino wicd 1.7.2