slim -- local disclosure of X authority magic cookie

ID 80F13884-4D4C-11DE-8811-0030843D3802
Type freebsd
Reporter FreeBSD
Modified 2009-05-20T00:00:00


Secunia reports:

A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access to the user's display.