FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
80f13884-4d4c-11de-8811-0030843d3802slim -- local disclosure of X authority magic cookie

Secunia reports:

A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access the user's display.


Discovery 2009-05-20
Entry 2009-05-30
slim
< 1.3.1_3

35015
CVE-2009-1756
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306
68c7187a-abd2-11df-9be6-0015587e2cc1slim -- insecure PATH assignment

SLiM assigns logged on users a PATH in which the current working directory ("./") is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed SLiM version 1.3.2.


Discovery 2010-05-12
Entry 2010-08-19
Modified 2010-08-20
slim
< 1.3.2

CVE-2010-2945
http://seclists.org/oss-sec/2010/q3/198