CVE-2009-1573

EUVD-2009-1569
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.6 UNKNOWN | LOCAL | LOW | | AV:L/AC:L/Au:N/C:P/I:P/A:P |
EPSS Score percentile: 20%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | * |
| ubuntu | linux | * |
| branden_robinson | xvfb-run | 1.6.1 |
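Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| xorg-server | bookworm | 2:21.1.7-3+deb12u7 | fixed |
| xorg-server | bookworm (security) | 2:21.1.7-3+deb12u8 | fixed |
| xorg-server | bullseye | 2:1.20.11-1+deb11u13 | fixed |
| xorg-server | bullseye (security) | 2:1.20.11-1+deb11u14 | fixed |
| xorg-server | etch | | no-dsa |
| xorg-server | lenny | | no-dsa |
| xorg-server | sid | 2:21.1.14-1 | fixed |
| xorg-server | trixie | 2:21.1.14-1 | fixed |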
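Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| xorg-server | dapper | | ignored |
| xorg-server | hardy | Fixed 2:1.4.1~git20080131-1ubuntu9.3 | released |
| xorg-server | intrepid | | ignored |
| xorg-server | jaunty | Fixed 2:1.6.0-0ubuntu14.2 | released |
| xorg-server | karmic | | not-affected |
| xorg-server | lucid | | not-affected |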
Common Weakness Enumeration