Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Aug 2010 22:34:22 +0200
From: Niels Heinen <>
Subject: CVE Request: SLiM insecure PATH assignment

Hi all,

SLiM versions prior to 1.3.1 assigned logged on users a predefined PATH
which included './'. This allowed unintentional code execution (e.g.
planted binary) and has been fixed by the developers in version 1.3.2.

Can you allocate a CVE number for this one?


Niels Heinen
FreeBSD committer |
PGP: 0x5FE39B80

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ