CVE-2010-2945

Published Aug 30, 2010

Last updated 3 months ago

CVSS info 6.9

Overview

Description: The default configuration of SLiM before 1.3.2 places ./ (dot slash) at the beginning of the default_path option, which might allow local users to gain privileges via a Trojan horse program in the current working directory, related to slim.conf and cfg.cpp.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-16

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "419353A7-5286-4CFD-ACD2-C719C8E637B7",
            "versionEndIncluding": "1.3.1"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F73F2D8-48B0-47FF-97D0-E25F587FA790"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C021359-21DB-4B51-BAA0-24EDA9B1B4EB"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E79356D-42D3-4798-8514-9D34BE5F132B"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F727B05F-578B-4380-AD22-E2A7EC42F2A1"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C7334548-EED7-47E0-9171-1824F96852E5"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DAE13BC5-0CA5-4BFD-94C0-2DB1A07F6FB5"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3FA6EE1-6C06-4D7D-8B7C-0035754E03DF"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53481D04-2BF7-4295-9AF6-D36C16C45F48"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243B2DB1-F8D7-44AF-AB6C-1C9A0B958F8F"
          },
          {
            "criteria": "cpe:2.3:a:simone_rota:slim_simple_login_manager:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6893FC98-7B50-494A-BE62-E3B27F44D572"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References