Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 21 May 2009 20:24:24 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: slim


======================================================
Name: CVE-2009-1756
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1756
Reference: MLIST:[oss-security] 20090518 CVE id request: slim
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/18/2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306
Reference: BID:35015
Reference: URL:http://www.securityfocus.com/bid/35015
Reference: OSVDB:54583
Reference: URL:http://osvdb.org/54583
Reference: SECUNIA:35132
Reference: URL:http://secunia.com/advisories/35132
Reference: XF:slim-xauthority-info-disclosure(50611)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50611

SLiM Simple Login Manager 1.3.0 includes places the X authority magic
cookie (mcookie) on the command line when invoking xauth from (1)
app.cpp and (2) switchuser.cpp, which allows local users to access the
X session by listing the process and its arguments.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.