CVE Vulnerabilities

CVE-2010-2945

Published: Aug 30, 2010 | Modified: Aug 31, 2010
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

Affected Software

Name Vendor Start Version End Version
Slim_simple_login_manager Simone_rota 1.2.3 1.2.3
Slim_simple_login_manager Simone_rota 1.2.1 1.2.1
Slim_simple_login_manager Simone_rota 1.2.2 1.2.2
Slim_simple_login_manager Simone_rota 1.3.0 1.3.0
Slim_simple_login_manager Simone_rota 1.1.0 1.1.0
Slim_simple_login_manager Simone_rota 1.0.0 1.0.0
Slim_simple_login_manager Simone_rota 1.2.5 1.2.5
Slim_simple_login_manager Simone_rota 1.2.6 1.2.6
Slim_simple_login_manager Simone_rota 1.2.0 1.2.0
Slim_simple_login_manager Simone_rota * 1.3.1
Slim_simple_login_manager Simone_rota 1.2.4 1.2.4

References