Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0489

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2009-0489
Last Modified 02 Jul 2012 12:00:00
Published 09 Feb 2009 03:30:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2009-0489

Summary

The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.

Vulnerable Systems

Application

  • David Paleino Wicd 1.2.7

  • David Paleino Wicd 1.3.1

  • David Paleino Wicd 1.4.0

  • David Paleino Wicd 1.4.1

  • David Paleino Wicd 1.4.2

  • David Paleino Wicd 1.5.0

  • David Paleino Wicd 1.5.1

  • David Paleino Wicd 1.5.2

  • David Paleino Wicd 1.5.3

  • David Paleino Wicd 1.5.4

  • David Paleino Wicd 1.5.5

  • David Paleino Wicd 1.5.6

  • David Paleino Wicd 1.5.7

  • David Paleino Wicd 1.5.8

  • Wicd 1.2.7

  • Wicd 1.3.1

  • Wicd 1.4.0

  • Wicd 1.4.1

  • Wicd 1.4.2

  • Wicd 1.5.0

  • Wicd 1.5.1

  • Wicd 1.5.2

  • Wicd 1.5.3

  • Wicd 1.5.4

  • Wicd 1.5.5

  • Wicd 1.5.6

  • Wicd 1.5.7

  • Wicd 1.5.8


References

MLIST - [oss-security] 20090206 CVE Request - Wicd <= 1.5.8

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059

GENTOO - GLSA-200904-12

SECUNIA - 34685

SECUNIA - 33870

CONFIRM - http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222


Last Updated: 27 May 2016 10:54:49