FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

slim -- local disclosure of X authority magic cookie

Affected packages
slim < 1.3.1_3

Details

VuXML ID 80f13884-4d4c-11de-8811-0030843d3802
Discovery 2009-05-20
Entry 2009-05-30

Secunia reports:

A security issue has been reported in SLiM, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the application generating the X authority file by passing the X authority cookie via the command line to "xauth". This can be exploited to disclose the X authority cookie by consulting the process list and e.g. gain access to the user's display.

References

Bugtraq ID 35015
CVE Name CVE-2009-1756
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306