Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2945

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

Related bugs and status

CVE-2010-2945 (Candidate) is related to these bugs:

Bug #625728: Sync slim 1.3.1-7 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	625728	Sync slim 1.3.1-7 (universe) from Debian unstable (main)		slim (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://svn.berlios.de/...