CVE-2012-0813
low
CVSS v3
—
CVSS v2
2.1
VIR risk
2.1
Description
Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/49657
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| david_paleino | wicd | {"endIncluding":"1.7.1"} | |
| david_paleino | wicd | 1.2.7 | |
| david_paleino | wicd | 1.3.1 | |
| david_paleino | wicd | 1.4.0 | |
| david_paleino | wicd | 1.4.1 | |
| david_paleino | wicd | 1.4.2 | |
| david_paleino | wicd | 1.5.0 | |
| david_paleino | wicd | 1.5.1 | |
| david_paleino | wicd | 1.5.2 | |
| david_paleino | wicd | 1.5.3 | |
| david_paleino | wicd | 1.5.4 | |
| david_paleino | wicd | 1.5.5 | |
| david_paleino | wicd | 1.5.6 | |
| david_paleino | wicd | 1.5.7 | |
| david_paleino | wicd | 1.5.8 | |
| david_paleino | wicd | 1.5.9 | |
| david_paleino | wicd | 1.6.0 | |
| david_paleino | wicd | 1.6.2 | |
| david_paleino | wicd | 1.7.0 | |
| david_paleino | wicd | 1.7.1 | |
| david_paleino | wicd | 1.7.2 | |
References
- http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
- http://secunia.com/advisories/49657
- http://security.gentoo.org/glsa/glsa-201206-08.xml
- http://www.openwall.com/lists/oss-security/2012/01/26/13
- http://www.openwall.com/lists/oss-security/2012/01/26/14
- http://www.securityfocus.com/bid/51703
- https://launchpad.net/wicd/+announcement/9570
- http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417
- http://secunia.com/advisories/49657
- http://security.gentoo.org/glsa/glsa-201206-08.xml
- http://www.openwall.com/lists/oss-security/2012/01/26/13
- http://www.openwall.com/lists/oss-security/2012/01/26/14
- http://www.securityfocus.com/bid/51703
- https://launchpad.net/wicd/+announcement/9570
CWEs
CWE-255
Verify integrity in audit chain (admin only). AS-IS.