[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0905212024160.18536@faron.mitre.org>
Date: Thu, 21 May 2009 20:24:24 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE id request: slim
======================================================
Name: CVE-2009-1756
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1756
Reference: MLIST:[oss-security] 20090518 CVE id request: slim
Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/18/2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306
Reference: BID:35015
Reference: URL:http://www.securityfocus.com/bid/35015
Reference: OSVDB:54583
Reference: URL:http://osvdb.org/54583
Reference: SECUNIA:35132
Reference: URL:http://secunia.com/advisories/35132
Reference: XF:slim-xauthority-info-disclosure(50611)
Reference: URL:http://xforce.iss.net/xforce/xfdb/50611
SLiM Simple Login Manager 1.3.0 includes places the X authority magic
cookie (mcookie) on the command line when invoking xauth from (1)
app.cpp and (2) switchuser.cpp, which allows local users to access the
X session by listing the process and its arguments.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
