ID FEDORA:3191E10F862 Type fedora Reporter Fedora Modified 2010-01-02T03:28:15
Description
SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim.
{"id": "FEDORA:3191E10F862", "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 11 Update: slim-1.3.1-9.fc11", "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "published": "2010-01-02T03:28:15", "modified": "2010-01-02T03:28:15", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2009-1756"], "lastseen": "2020-12-21T08:17:49", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1756"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310862381", "OPENVAS:1361412562310862395", "OPENVAS:136141256231064122", "OPENVAS:1361412562310861602", "OPENVAS:64122", "OPENVAS:861602", "OPENVAS:862395", "OPENVAS:862381", "OPENVAS:861605", "OPENVAS:1361412562310861605"]}, {"type": "nessus", "idList": ["FEDORA_2009-13552.NASL", "FREEBSD_PKG_80F138844D4C11DE88110030843D3802.NASL", "FEDORA_2009-13551.NASL"]}, {"type": "freebsd", "idList": ["80F13884-4D4C-11DE-8811-0030843D3802"]}, {"type": "fedora", "idList": ["FEDORA:9E69511060D", "FEDORA:724E61114C2", "FEDORA:ECA9F10F862"]}], "modified": "2020-12-21T08:17:49", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2020-12-21T08:17:49", "rev": 2}, "vulnersScore": 5.4}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "11", "arch": "any", "packageName": "slim", "packageVersion": "1.3.1", "packageFilename": "UNKNOWN", "operator": "lt"}]}
{"cve": [{"lastseen": "2021-02-02T05:40:02", "description": "SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.", "edition": 4, "cvss3": {}, "published": "2009-05-22T11:52:00", "title": "CVE-2009-1756", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1756"], "modified": "2017-08-17T01:30:00", "cpe": ["cpe:/a:simone_rota:slim_simple_login_manager:1.3.0"], "id": "CVE-2009-1756", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1756", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2018-01-08T12:53:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2018-01-08T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:1361412562310861605", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861605", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861605\");\n script_version(\"$Revision: 8314 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-08 09:01:01 +0100 (Mon, 08 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13552\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13552\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:40:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:136141256231064122", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231064122", "type": "openvas", "title": "FreeBSD Ports: slim", "sourceData": "#\n#VID 80f13884-4d4c-11de-8811-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 80f13884-4d4c-11de-8811-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\n\nCVE-2009-1756\nSLiM Simple Login Manager 1.3.0 places the X authority magic cookie\n(mcookie) on the command line when invoking xauth from (1) app.cpp and\n(2) switchuser.cpp, which allows local users to access the X session\nby listing the process and its arguments.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\nhttp://www.vuxml.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.64122\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.1_3\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-23T13:05:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2018-01-23T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:1361412562310861602", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310861602", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13551\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.861602\");\n script_version(\"$Revision: 8495 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-23 08:57:49 +0100 (Tue, 23 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13551\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13551\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-22T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:861602", "href": "http://plugins.openvas.org/nasl.php?oid=861602", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13551", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13551\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 11\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html\");\n script_id(861602);\n script_version(\"$Revision: 8226 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-22 07:30:26 +0100 (Fri, 22 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13551\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13551\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC11\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc11\", rls:\"FC11\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-02T21:14:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-28T00:00:00", "published": "2009-06-05T00:00:00", "id": "OPENVAS:64122", "href": "http://plugins.openvas.org/nasl.php?oid=64122", "type": "openvas", "title": "FreeBSD Ports: slim", "sourceData": "#\n#VID 80f13884-4d4c-11de-8811-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID 80f13884-4d4c-11de-8811-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: slim\n\nCVE-2009-1756\nSLiM Simple Login Manager 1.3.0 places the X authority magic cookie\n(mcookie) on the command line when invoking xauth from (1) app.cpp and\n(2) switchuser.cpp, which allows local users to access the X session\nby listing the process and its arguments.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\nhttp://www.vuxml.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(64122);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-05 18:04:08 +0200 (Fri, 05 Jun 2009)\");\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"FreeBSD Ports: slim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"slim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.1_3\")<0) {\n txt += 'Package slim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-12-18T10:57:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-18T00:00:00", "published": "2010-01-15T00:00:00", "id": "OPENVAS:861605", "href": "http://plugins.openvas.org/nasl.php?oid=861605", "type": "openvas", "title": "Fedora Update for slim FEDORA-2009-13552", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2009-13552\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lid\u00e9n.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\n\ntag_affected = \"slim on Fedora 12\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html\");\n script_id(861605);\n script_version(\"$Revision: 8153 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-18 07:30:39 +0100 (Mon, 18 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-15 10:29:41 +0100 (Fri, 15 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2009-13552\");\n script_cve_id(\"CVE-2009-1756\");\n script_name(\"Fedora Update for slim FEDORA-2009-13552\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.1~9.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-29T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:1361412562310862381", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862381", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047297.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862381\");\n script_version(\"$Revision: 8258 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 08:28:57 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13890\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13890\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:54:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-26T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:1361412562310862395", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862395", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13897", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047248.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862395\");\n script_version(\"$Revision: 8246 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-26 08:29:20 +0100 (Tue, 26 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13897\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-13T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:862395", "href": "http://plugins.openvas.org/nasl.php?oid=862395", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13897", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13897\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 12\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047248.html\");\n script_id(862395);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13897\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13897\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-14T11:48:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2945", "CVE-2009-1756"], "description": "Check for the Version of slim", "modified": "2017-12-14T00:00:00", "published": "2010-09-10T00:00:00", "id": "OPENVAS:862381", "href": "http://plugins.openvas.org/nasl.php?oid=862381", "type": "openvas", "title": "Fedora Update for slim FEDORA-2010-13890", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for slim FEDORA-2010-13890\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"SLiM (Simple Login Manager) is a graphical login manager for X11.\n It aims to be simple, fast and independent from the various\n desktop environments.\n SLiM is based on latest stable release of Login.app by Per Lidén.\n\n In the distribution, slim may be called through a wrapper, slim-dynwm,\n which determines the available window managers using the freedesktop\n information and modifies the slim configuration file accordingly,\n before launching slim.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"slim on Fedora 13\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/047297.html\");\n script_id(862381);\n script_version(\"$Revision: 8109 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-14 07:31:15 +0100 (Thu, 14 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-10 14:21:00 +0200 (Fri, 10 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2010-13890\");\n script_cve_id(\"CVE-2009-1756\", \"CVE-2010-2945\");\n script_name(\"Fedora Update for slim FEDORA-2010-13890\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of slim\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"slim\", rpm:\"slim~1.3.2~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-07T10:46:35", "description": "Secunia reports :\n\nA security issue has been reported in SLiM, which can be exploited by\nmalicious, local users to disclose sensitive information.\n\nThe security issue is caused due to the application generating the X\nauthority file by passing the X authority cookie via the command line\nto 'xauth'. This can be exploited to disclose the X authority cookie\nby consulting the process list and e.g. gain access the user's\ndisplay.", "edition": 26, "published": "2009-06-01T00:00:00", "title": "FreeBSD : slim -- local disclosure of X authority magic cookie (80f13884-4d4c-11de-8811-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "modified": "2009-06-01T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:slim"], "id": "FREEBSD_PKG_80F138844D4C11DE88110030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/38965", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38965);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_bugtraq_id(35015);\n\n script_name(english:\"FreeBSD : slim -- local disclosure of X authority magic cookie (80f13884-4d4c-11de-8811-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nA security issue has been reported in SLiM, which can be exploited by\nmalicious, local users to disclose sensitive information.\n\nThe security issue is caused due to the application generating the X\nauthority file by passing the X authority cookie via the command line\nto 'xauth'. This can be exploited to disclose the X authority cookie\nby consulting the process list and e.g. gain access the user's\ndisplay.\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306\"\n );\n # https://vuxml.freebsd.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0b2b676b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:U/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/05/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"slim<1.3.1_3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:07:05", "description": " - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\n - Sat Oct 10 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-8\n\n - Fix BZ #518068\n\n - Sun Jul 26 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.3.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jun 21 2009 Anders F Bjorklund <afb at\n users.sourceforge.net> 1.3.1-6\n\n - exclude current directory from default_path in\n slim.conf (#505359)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-02-25T00:00:00", "title": "Fedora 11 : slim-1.3.1-9.fc11 (2009-13551)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "modified": "2010-02-25T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:slim", "cpe:/o:fedoraproject:fedora:11"], "id": "FEDORA_2009-13551.NASL", "href": "https://www.tenable.com/plugins/nessus/44881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13551.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44881);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_xref(name:\"FEDORA\", value:\"2009-13551\");\n\n script_name(english:\"Fedora 11 : slim-1.3.1-9.fc11 (2009-13551)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\n - Sat Oct 10 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-8\n\n - Fix BZ #518068\n\n - Sun Jul 26 2009 Fedora Release Engineering <rel-eng at\n lists.fedoraproject.org> - 1.3.1-7\n\n - Rebuilt for\n https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\n\n - Sun Jun 21 2009 Anders F Bjorklund <afb at\n users.sourceforge.net> 1.3.1-6\n\n - exclude current directory from default_path in\n slim.conf (#505359)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033323.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82c010db\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^11([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 11.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC11\", reference:\"slim-1.3.1-9.fc11\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:07:05", "description": " - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2010-02-25T00:00:00", "title": "Fedora 12 : slim-1.3.1-9.fc12 (2009-13552)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-1756"], "modified": "2010-02-25T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:slim"], "id": "FEDORA_2009-13552.NASL", "href": "https://www.tenable.com/plugins/nessus/44882", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-13552.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44882);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-1756\");\n script_xref(name:\"FEDORA\", value:\"2009-13552\");\n\n script_name(english:\"Fedora 12 : slim-1.3.1-9.fc12 (2009-13552)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Tue Dec 22 2009 Lorenzo Villani <lvillani at\n binaryhelix.net> - 1.3.1-9\n\n - Fix CVE-2009-1756 (bugzilla: 544024)\n\n - Fix MIT insecure cookie generation (patch from Debian)\n\n - Fix build with GCC 4.4\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=501562\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-January/033332.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cbc37fe\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected slim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:slim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/12/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"slim-1.3.1-9.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"slim\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:14", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1756"], "description": "\nSecunia reports:\n\nA security issue has been reported in SLiM, which can be\n\t exploited by malicious, local users to disclose sensitive\n\t information.\nThe security issue is caused due to the application\n\t generating the X authority file by passing the X authority\n\t cookie via the command line to \"xauth\". This can be exploited\n\t to disclose the X authority cookie by consulting the process\n\t list and e.g. gain access the user's display.\n\n", "edition": 4, "modified": "2009-05-20T00:00:00", "published": "2009-05-20T00:00:00", "id": "80F13884-4D4C-11DE-8811-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/80f13884-4d4c-11de-8811-0030843d3802.html", "title": "slim -- local disclosure of X authority magic cookie", "type": "freebsd", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1756"], "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "modified": "2010-01-02T03:29:37", "published": "2010-01-02T03:29:37", "id": "FEDORA:ECA9F10F862", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: slim-1.3.1-9.fc12", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1756", "CVE-2010-2945"], "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "modified": "2010-09-09T01:15:33", "published": "2010-09-09T01:15:33", "id": "FEDORA:9E69511060D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: slim-1.3.2-2.fc12", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2009-1756", "CVE-2010-2945"], "description": "SLiM (Simple Login Manager) is a graphical login manager for X11. It aims to be simple, fast and independent from the various desktop environments. SLiM is based on latest stable release of Login.app by Per Lid=C3=A9n. In the distribution, slim may be called through a wrapper, slim-dynwm, which determines the available window managers using the freedesktop information and modifies the slim configuration file accordingly, before launching slim. ", "modified": "2010-09-09T01:25:39", "published": "2010-09-09T01:25:39", "id": "FEDORA:724E61114C2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: slim-1.3.2-2.fc13", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}
