oss-sec mailing list archives

Re: CVE Request: SLiM insecure PATH assignment

From: Josh Bressers <bressers () redhat com>
Date: Fri, 20 Aug 2010 13:31:32 -0400 (EDT)


----- "Niels Heinen" <niels () FreeBSD org> wrote:

Hi all,

SLiM versions prior to 1.3.1 assigned logged on users a predefined
PATH
which included './'. This allowed unintentional code execution (e.g.
planted binary) and has been fixed by the developers in version
1.3.2.

Can you allocate a CVE number for this one?


Looks like the fix is here:
http://svn.berlios.de/wsvn/slim?op=comp&compare[]=/@170&compare[]=/@171

Please use CVE-2010-2945

Thanks.

-- 
    JB

Current thread:

CVE Request: SLiM insecure PATH assignment Niels Heinen (Aug 19)
- Re: CVE Request: SLiM insecure PATH assignment Josh Bressers (Aug 20)