CVE-2012-2095 in WICD
Summary
by MITRE
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus message.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 05/09/2026
The vulnerability identified as CVE-2012-2095 resides within the D-Bus interface implementation of WICD version 1.7.1 and earlier, representing a critical privilege escalation flaw that enables local attackers to manipulate wireless network configurations with elevated system privileges. This vulnerability specifically targets the SetWiredProperty function, which serves as a communication endpoint for managing wired network properties through the D-Bus messaging system. The flaw stems from inadequate input validation and sanitization within the function's parameter handling mechanism, allowing malicious actors to craft specially formatted D-Bus messages containing arbitrary property names that bypass normal access controls and validation checks.
The technical exploitation of this vulnerability occurs through the manipulation of D-Bus message structures where attackers can inject crafted property names that the SetWiredProperty function processes without proper authorization verification. This vulnerability maps directly to CWE-20, "Improper Input Validation," and CWE-78, "Improper Neutralization of Special Elements used in OS Command Injection Attacks," as the function fails to validate the legitimacy of property names before applying them to system configuration settings. The D-Bus interface in WICD operates with elevated privileges to manage network configurations, making this vulnerability particularly dangerous as it allows local users to bypass normal user permissions and execute arbitrary configuration changes that could potentially lead to privilege escalation or system compromise.
From an operational perspective, this vulnerability presents significant security implications for systems running affected versions of WICD, particularly in environments where local users might have access to the system but should not possess administrative privileges. The attack vector is relatively straightforward as it requires only local access to craft and send malicious D-Bus messages, making it accessible to any user with system-level access. Successful exploitation could enable attackers to modify network configuration parameters, potentially redirecting traffic through malicious proxies, disabling security features, or establishing persistent backdoors within the network infrastructure. The vulnerability's impact extends beyond simple configuration changes as it could be leveraged to create persistent access points or to manipulate network security settings that affect the entire system's network connectivity and security posture.
The remediation strategy for this vulnerability involves upgrading to WICD version 1.7.2 or later, which includes proper input validation and sanitization mechanisms within the SetWiredProperty function. Security practitioners should also implement additional monitoring of D-Bus message traffic for unusual property name patterns and consider implementing access control lists that restrict which users or processes can interact with the WICD D-Bus interface. Organizations should conduct comprehensive vulnerability assessments to identify systems running affected versions of WICD and ensure that all network management interfaces are properly secured against unauthorized access. The vulnerability demonstrates the critical importance of input validation in privileged system interfaces and aligns with ATT&CK technique T1068, "Exploitation for Privilege Escalation," where attackers exploit software vulnerabilities to gain elevated privileges through legitimate system interfaces.