CVE-2009-1573

2009-05-0617:30:09

CWE-264

mitre

web.nvd.nist.gov

cve-2009-1573

xvfb-run

debian gnu/linux

ubuntu

fedora 10

security vulnerability

local privilege escalation

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.5

Confidence

Low

EPSS

Percentile

5.1%

JSON

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Affected configurations

Nvd

Node

debiandebian_linux

redhatfedoraMatch10

ubuntulinux

AND

branden_robinsonxvfb-runMatch1.6.1

VendorProductVersionCPE
debiandebian_linux*cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
redhatfedora10cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*
ubuntulinux*cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*
branden_robinsonxvfb-run1.6.1cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
debian	debian_linux	*	cpe:2.3:o:debian:debian_linux::::::::
redhat	fedora	10	cpe:2.3:o:redhat:fedora:10:::::::*
ubuntu	linux	*	cpe:2.3:o:ubuntu:linux::::::::
branden_robinson	xvfb-run	1.6.1	cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:::::::*