CVE-2009-1756

NameCVE-2009-1756
DescriptionSLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs529306

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
slim (PTS)jessie1.3.6-4fixed
buster, stretch1.3.6-5.1fixed
bullseye1.3.6-5.2fixed
bookworm1.3.6-5.3fixed
sid, trixie1.3.6-5.4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
slimsourcelenny1.3.0-1+lenny2
slimsource(unstable)1.3.1-2low529306

Search for package or bug name: Reporting problems