oss-sec mailing list archives

Re: CVE Request - Wicd <= 1.5.8

From: "Steven M. Christey" <coley () linus mitre org>
Date: Mon, 9 Feb 2009 14:53:07 -0500 (EST)


======================================================
Name: CVE-2009-0489
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0489
Reference: MLIST:[oss-security] 20090206 CVE Request - Wicd <= 1.5.8
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/06/4
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059
Reference: CONFIRM:http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222

The DBus configuration file for Wicd before 1.5.9 allows arbitrary
users to own org.wicd.daemon, which allows local users to receive
messages that were intended for the Wicd daemon, possibly including
credentials.

Current thread:

CVE Request - Wicd <= 1.5.8 Robby Workman (Feb 06)
- Re: CVE Request - Wicd <= 1.5.8 Steven M. Christey (Feb 09)