CVE-2012-2095

David Paleino Wicd < 1.7.1 - Improper Input Validation

Title source: rule

Description

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · pythonlocallinux

https://www.exploit-db.com/exploits/18733

View Code ZIP pw:eip

References (15)

Core 15

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/48759

Issue Tracking x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668397

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/52987

Various Sources x_refsource_confirm

https://launchpad.net/wicd/+announcement/9888

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/11/2

Issue Tracking x_refsource_confirm

https://bugs.launchpad.net/wicd/+bug/979221

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/49657

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079055.html

Various Sources x_refsource_misc

http://www.infosecinstitute.com/courses/ethical-hacking-wicd-0day.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079029.html

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/11/3

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18733

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-201206-08.xml

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079025.html

Various Sources x_refsource_confirm

http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751

Scores

EPSS 0.0056

EPSS Percentile 68.4%

Details

CWE

CWE-20

Status published

Products (23)

david_paleino/wicd 1.2.7

david_paleino/wicd 1.3.1

david_paleino/wicd 1.4.0

david_paleino/wicd 1.4.1

david_paleino/wicd 1.4.2

david_paleino/wicd 1.5.0

david_paleino/wicd 1.5.1

david_paleino/wicd 1.5.2

david_paleino/wicd 1.5.3

david_paleino/wicd 1.5.4

... and 13 more

Published Apr 07, 2014

Tracked Since Feb 18, 2026