CVE-2012-2095

Description

The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.

How to fix CVE-2012-2095

To remediate CVE-2012-2095, upgrade the affected package to a fixed version below.

• Debian/wicd—upgrade to 1.7.2.4-1 or later

Is CVE-2012-2095 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.7.2.4-1

References (15)

• ADVISORYsecunia.com/advisories/48759
• ADVISORYsecunia.com/advisories/49657
• EXPLOITwww.exploit-db.com/exploits/18733
• WEBbazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/751
• WEB