CVE-2012-2095

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079025.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079029.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079055.html
http://secunia.com/advisories/48759	Vendor Advisory
http://secunia.com/advisories/49657	Vendor Advisory
http://www.exploit-db.com/exploits/18733	Exploit
http://www.gentoo.org/security/en/glsa/glsa-201206-08.xml
http://www.infosecinstitute.com/courses/ethical-hacking-wicd-0day.html
http://www.openwall.com/lists/oss-security/2012/04/11/2
http://www.openwall.com/lists/oss-security/2012/04/11/3
http://www.securityfocus.com/bid/52987
https://bugs.launchpad.net/wicd/+bug/979221
https://launchpad.net/wicd/+announcement/9888

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:david_paleino:wicd::::::::
	cpe:2.3:a:david_paleino:wicd:1.2.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.3.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.4.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.1:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.3:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.4:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.5:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.6:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.7:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.8:::::::*
	cpe:2.3:a:david_paleino:wicd:1.5.9:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.6.2:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.0:::::::*
	cpe:2.3:a:david_paleino:wicd:1.7.1:beta3::::::
	cpe:2.3:o:fedoraproject:fedora:15:::::::*
	cpe:2.3:o:fedoraproject:fedora:16:::::::*
	cpe:2.3:o:fedoraproject:fedora:17:::::::*

History

No history.

Information

Published : 2014-04-07 15:55

Updated : 2024-02-28 12:20

NVD link : CVE-2012-2095

Mitre link : CVE-2012-2095

CVE.ORG link : CVE-2012-2095

JSON object : View

Products Affected

david_paleino

wicd

fedoraproject

fedora

CWE

CWE-20

Improper Input Validation

6.9 /10