Vulnerability Name:

CVE-2009-0489 (CCN-48594)

Assigned: 2009-02-06
Published: 2009-02-06
Updated: 2012-07-02
Summary: The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-16
Vulnerability Consequences: Obtain Information
References:

Source: CCN
Type: Wicd Bazaar Repository
~wicd-devel/wicd/trunk : revision 222

Source: CONFIRM
Type: UNKNOWN
http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222

Source: MITRE
Type: CNA
CVE-2009-0489

Source: CCN
Type: SA33870
Wicd D-Bus Configuration Information Disclosure Security Issue

Source: SECUNIA
Type: UNKNOWN
33870

Source: SECUNIA
Type: UNKNOWN
34685

Source: GENTOO
Type: UNKNOWN
GLSA-200904-12

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059

Source: CCN
Type: Wicd Web site
Wicd

Source: CCN
Type: GLSA-200904-12
Wicd: Information disclosure

Source: CCN
Type: oss-security Mailing List, Fri, 6 Feb 2009 10:00:46 -0600
CVE Request - Wicd <= 1.5.8

Source: MLIST
Type: UNKNOWN
[oss-security] 20090206 CVE Request - Wicd <= 1.5.8

Source: CCN
Type: OSVDB ID: 51817
Wicd D-Bus Configuration File org.wicd.daemon Object Local Information Disclosure

Source: CCN
Type: BID-33658
Wicd 'wicd.conf' Default Configuration Local Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
wicd-dbus-information-disclosure(48594)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:david_paleino:wicd:1.2.7:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:1.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:david_paleino:wicd:*:*:*:*:*:*:*:* (Version <= 1.5.8)

  • * Denotes that component is vulnerable
    david_paleino wicd 1.2.7
    david_paleino wicd 1.3.1
    david_paleino wicd 1.4.0
    david_paleino wicd 1.4.1
    david_paleino wicd 1.4.2
    david_paleino wicd 1.5.0
    david_paleino wicd 1.5.1
    david_paleino wicd 1.5.2
    david_paleino wicd 1.5.3
    david_paleino wicd 1.5.4
    david_paleino wicd 1.5.5
    david_paleino wicd 1.5.6
    david_paleino wicd 1.5.7
    david_paleino wicd *