CVE-2010-2945

2010-08-3020:00:00

Debian Security Bug Tracker

security-tracker.debian.org

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.

OSVersionArchitecturePackageVersionFilename
Debian12allslim< 1.3.1-7slim_1.3.1-7_all.deb
Debian11allslim< 1.3.1-7slim_1.3.1-7_all.deb
Debian10allslim< 1.3.1-7slim_1.3.1-7_all.deb
Debian999allslim< 1.3.1-7slim_1.3.1-7_all.deb
Debian13allslim< 1.3.1-7slim_1.3.1-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	slim	< 1.3.1-7	slim_1.3.1-7_all.deb
Debian	11	all	slim	< 1.3.1-7	slim_1.3.1-7_all.deb
Debian	10	all	slim	< 1.3.1-7	slim_1.3.1-7_all.deb
Debian	999	all	slim	< 1.3.1-7	slim_1.3.1-7_all.deb
Debian	13	all	slim	< 1.3.1-7	slim_1.3.1-7_all.deb