Vulnerability Description
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | All versions |
| Redhat | Fedora | 10 |
| Ubuntu | Linux | All versions |
| Branden Robinson | Xvfb-Run | 1.6.1 |
Related Weaknesses (CWE)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678ExploitVendor Advisory
- http://secunia.com/advisories/39834
- http://www.openwall.com/lists/oss-security/2009/05/05/2
- http://www.openwall.com/lists/oss-security/2009/05/05/4
- http://www.securityfocus.com/bid/34828
- http://www.ubuntu.com/usn/USN-939-1
- http://www.vupen.com/english/advisories/2010/1185
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50348
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678ExploitVendor Advisory
- http://secunia.com/advisories/39834
- http://www.openwall.com/lists/oss-security/2009/05/05/2
- http://www.openwall.com/lists/oss-security/2009/05/05/4
- http://www.securityfocus.com/bid/34828
- http://www.ubuntu.com/usn/USN-939-1
- http://www.vupen.com/english/advisories/2010/1185
FAQ
What is CVE-2009-1573?
CVE-2009-1573 is a vulnerability with a CVSS score of 4.6 (MEDIUM). xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing...
How severe is CVE-2009-1573?
CVE-2009-1573 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1573?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Redhat Fedora, Ubuntu Linux, Branden Robinson Xvfb-Run.