CVE-2009-0489

high

Description

The DBus configuration file for Wicd before 1.5.9 allows arbitrary users to own org.wicd.daemon, which allows local users to receive messages that were intended for the Wicd daemon, possibly including credentials.

References

http://www.openwall.com/lists/oss-security/2009/02/06/4

http://sourceforge.net/project/shownotes.php?group_id=194573&release_id=659059

http://security.gentoo.org/glsa/glsa-200904-12.xml

http://secunia.com/advisories/34685

http://secunia.com/advisories/33870

http://bazaar.launchpad.net/~wicd-devel/wicd/trunk/revision/222

Details

Source: Mitre, NVD

Published: 2009-02-09

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00071

Detections

Analytics