Fedora 16 : wicd-1.7.0-10.fc16 (2012-1059)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- CVE-2012-0813

A sensitive information disclosure flaw was found in the way wicd, a
wireless and wired network connection manager, handled sensitive
information written to its log files. Fields like 'password',
'identity', 'private_key', 'private_key_passwd' etc., were not
excluded from being logged to the /var/log/wicd log file, which could
allow a local attacker with the privileges of the 'adm' group to view
the content of these entities in plain text, leading to information
disclosure. This update fixes the problem.

A reboot is not technically necessary, but if you do not reboot your
system after installing this update, you should at least restart the
wicd service.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=785147
http://www.nessus.org/u?bbb1f636

Solution :

Update the affected wicd package.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 1.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 57986

Bugtraq ID: 51703

CVE ID: CVE-2012-0813
