[Secure-testing-team] Bug#594414: CVE-2010-2945: insecure PATH assignment
Moritz Muehlenhoff
jmm at debian.org
Wed Aug 25 19:58:56 UTC 2010
Package: slim
Severity: grave
Tags: security
The following was reported to oss-security:
--
SLiM versions prior to 1.3.1 assigned logged on users a predefined PATH
which included './'. This allowed unintentional code execution (e.g.
planted binary) and has been fixed by the developers in version 1.3.2.
Fix:
http://svn.berlios.de/wsvn/slim?op=comp&compare[]=/@170&compare[]=/@171
--
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages slim depends on:
ii debconf [debconf-2.0] 1.5.35 Debian configuration management sy
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libgcc1 1:4.4.4-9 GCC support library
ii libjpeg62 6b1-1 The Independent JPEG Group's JPEG
ii libpam0g 1.1.1-4 Pluggable Authentication Modules l
ii libpng12-0 1.2.44-1 PNG library - runtime
ii libstdc++6 4.4.4-9 The GNU Standard C++ Library v3
ii libx11-6 2:1.3.3-3 X11 client-side library
ii libxft2 2.1.14-2 FreeType-based font drawing librar
ii libxmu6 2:1.0.5-1 X11 miscellaneous utility library
slim recommends no packages.
Versions of packages slim suggests:
pn scrot <none> (no description available)
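
The check below is an added example, not part of the original report and not SLiM's code. It audits a PATH string for the './' problem described above and also flags empty entries, which are searched as the current directory as well. The function name and the sample PATH values are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PATH entries that are searched relative to the current
# working directory. Sample values below are constructed, not SLiM's defaults.

# unsafe_path_entries PATH_STRING
# Prints one line per unsafe entry; returns 1 if any entry is unsafe, else 0.
unsafe_path_entries() {
    upe_rest="$1:"      # trailing ':' so the last field is terminated too
    upe_index=0
    upe_status=0
    while [ -n "$upe_rest" ]; do
        upe_entry=${upe_rest%%:*}   # text before the first ':'
        upe_rest=${upe_rest#*:}     # remainder after the first ':'
        upe_index=$((upe_index + 1))
        case "$upe_entry" in
            /*) continue ;;         # absolute directory: not cwd-dependent
            "") upe_reason="is empty, which is searched as the current directory" ;;
            *)  upe_reason="is relative to the current directory" ;;
        esac
        printf "%d: '%s' %s\n" "$upe_index" "$upe_entry" "$upe_reason"
        upe_status=1
    done
    return "$upe_status"
}

# Constructed samples: the './' case, a doubled colon, a trailing colon,
# and a clean PATH that produces no findings.
for sample in "./:/bin:/usr/bin" "/bin::/usr/bin" "/usr/bin:" "/bin:/usr/bin"; do
    printf 'PATH=%s\n' "$sample"
    unsafe_path_entries "$sample" || true
done
```

Running it against the PATH a display manager or login script hands to a session shows whether any lookup can resolve to a file in whatever directory the user happens to be in.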