{"id":"CVE-2009-1756","details":"SLiM Simple Login Manager 1.3.0 places the X authority magic cookie (mcookie) on the command line when invoking xauth from (1) app.cpp and (2) switchuser.cpp, which allows local users to access the X session by listing the process and its arguments.","modified":"2026-04-10T03:40:47.382020Z","published":"2009-05-22T11:52:40Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/35132"},{"type":"ADVISORY","url":"http://secunia.com/advisories/38070"},{"type":"EVIDENCE","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306"},{"type":"WEB","url":"http://osvdb.org/54583"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2009/05/18/2"},{"type":"WEB","url":"http://www.securityfocus.com/bid/35015"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/50611"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00000.html"},{"type":"WEB","url":"https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00009.html"}],"schema_version":"1.7.5"}