Date: Fri, 20 Aug 2010 13:31:32 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE Request: SLiM insecure PATH assignment ----- "Niels Heinen" <niels@...eBSD.org> wrote: > Hi all, > > SLiM versions prior to 1.3.1 assigned logged on users a predefined > PATH > which included './'. This allowed unintentional code execution (e.g. > planted binary) and has been fixed by the developers in version > 1.3.2. > > Can you allocate a CVE number for this one? > Looks like the fix is here: http://svn.berlios.de/wsvn/slim?op=comp&compare=/@...&compare=/@171 Please use CVE-2010-2945 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ