FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

slim -- insecure PATH assignment

Affected packages
slim < 1.3.2

Details

VuXML ID 68c7187a-abd2-11df-9be6-0015587e2cc1
Discovery 2010-05-12
Entry 2010-08-19
Modified 2010-08-20

SLiM assigns logged on users a PATH in which the current working directory ("./") is included. This PATH can allow unintentional code execution through planted binaries and has therefore been fixed SLiM version 1.3.2.

References

CVE Name CVE-2010-2945
URL http://seclists.org/oss-sec/2010/q3/198