Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 21 May 2009 20:24:24 -0400 (EDT)
From: "Steven M. Christey" <>
Subject: Re: CVE id request: slim

Name: CVE-2009-1756
Status: Candidate
Reference: MLIST:[oss-security] 20090518 CVE id request: slim
Reference: URL:
Reference: CONFIRM:
Reference: BID:35015
Reference: URL:
Reference: OSVDB:54583
Reference: URL:
Reference: SECUNIA:35132
Reference: URL:
Reference: XF:slim-xauthority-info-disclosure(50611)
Reference: URL:

SLiM Simple Login Manager 1.3.0 includes places the X authority magic
cookie (mcookie) on the command line when invoking xauth from (1)
app.cpp and (2) switchuser.cpp, which allows local users to access the
X session by listing the process and its arguments.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.