FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
68c7187a-abd2-11df-9be6-0015587e2cc1	slim -- insecure PATH assignment SLiM assigns logged on users a PATH in which the current working directory ("./") is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed SLiM version 1.3.2. Discovery 2010-05-12 Entry 2010-08-19 Modified 2010-08-20 slim < 1.3.2 CVE-2010-2945 http://seclists.org/oss-sec/2010/q3/198
80f13884-4d4c-11de-8811-0030843d3802	slim -- local disclosure of X authority magic cookie Secunia reports: A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access the user's display. Discovery 2009-05-20 Entry 2009-05-30 slim < 1.3.1_3 35015 CVE-2009-1756 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306

VuXML ID

Description

68c7187a-abd2-11df-9be6-0015587e2cc1

slim -- insecure PATH assignment

SLiM assigns logged on users a PATH in which the current working directory ("./") is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed SLiM version 1.3.2.

Discovery 2010-05-12
Entry 2010-08-19
Modified 2010-08-20
slim

< 1.3.2

CVE-2010-2945
http://seclists.org/oss-sec/2010/q3/198

80f13884-4d4c-11de-8811-0030843d3802

slim -- local disclosure of X authority magic cookie

Secunia reports:

A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access the user's display.

Discovery 2009-05-20
Entry 2009-05-30
slim

< 1.3.1_3

35015
CVE-2009-1756
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306