This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Simone Rota
Product: Slim Simple Login Manager
Version:
Type: Application
First view: 2009-05-22
Last view: 2010-08-30
Update:
Edition:
Language:
Software Edition:
Target Software:
Target Hardware:
Other:

COMMON PLATFORM ENUMERATION: Distribution per Version

CPE Name Affected CVE
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.0:*:*:*:*:*:*:* 2
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.4:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.3:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.6:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.0:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.1:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.1:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.2:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.5:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.0.0:*:*:*:*:*:*:* 1
cpe:2.3:a:simone_rota:slim_simple_login_manager:1.1.0:*:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
6.9 2010-08-30 CVE-2010-2945

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

2.1 2009-05-22 CVE-2009-1756

SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-200 Information Exposure
50% (1) CWE-16 Configuration

Open Source Vulnerability Database (OSVDB)

id Description
67309 SLiM default_path PATH Environment Variable Inheritance Local Privilege Escal...
54583 SLiM xauth X Authority Cookie Local Disclosure

OpenVAS Exploits

id Description
2010-12-02 Name : Fedora Update for slim FEDORA-2010-13843
File : nvt/gb_fedora_2010_13843_slim_fc14.nasl
2010-09-10 Name : Fedora Update for slim FEDORA-2010-13890
File : nvt/gb_fedora_2010_13890_slim_fc13.nasl
2010-09-10 Name : Fedora Update for slim FEDORA-2010-13897
File : nvt/gb_fedora_2010_13897_slim_fc12.nasl
2010-08-21 Name : FreeBSD Ports: slim
File : nvt/freebsd_slim0.nasl
2010-01-15 Name : Fedora Update for slim FEDORA-2009-13551
File : nvt/gb_fedora_2009_13551_slim_fc11.nasl
2010-01-15 Name : Fedora Update for slim FEDORA-2009-13552
File : nvt/gb_fedora_2009_13552_slim_fc12.nasl
2009-06-05 Name : FreeBSD Ports: slim
File : nvt/freebsd_slim.nasl

Nessus® Vulnerability Scanner

id Description
2014-12-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201412-08.nasl - Type: ACT_GATHER_INFO
2010-09-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13843.nasl - Type: ACT_GATHER_INFO
2010-09-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13890.nasl - Type: ACT_GATHER_INFO
2010-09-09 Name: The remote Fedora host is missing a security update.
File: fedora_2010-13897.nasl - Type: ACT_GATHER_INFO
2010-08-20 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_68c7187aabd211df9be60015587e2cc1.nasl - Type: ACT_GATHER_INFO
2010-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2009-13551.nasl - Type: ACT_GATHER_INFO
2010-02-25 Name: The remote Fedora host is missing a security update.
File: fedora_2009-13552.nasl - Type: ACT_GATHER_INFO
2009-06-01 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_80f138844d4c11de88110030843d3802.nasl - Type: ACT_GATHER_INFO