CVE-2009-1573

high

Description

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50348

http://www.vupen.com/english/advisories/2010/1185

http://www.ubuntu.com/usn/USN-939-1

http://www.securityfocus.com/bid/34828

http://www.openwall.com/lists/oss-security/2009/05/05/4

http://www.openwall.com/lists/oss-security/2009/05/05/2

http://secunia.com/advisories/39834

Details

Source: Mitre, NVD

Published: 2009-05-06

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics