CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | * | cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:* |
redhat | fedora | 10 | cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:* |
ubuntu | linux | * | cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:* |
branden_robinson | xvfb-run | 1.6.1 | cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:* |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678
secunia.com/advisories/39834
www.openwall.com/lists/oss-security/2009/05/05/2
www.openwall.com/lists/oss-security/2009/05/05/4
www.securityfocus.com/bid/34828
www.ubuntu.com/usn/USN-939-1
www.vupen.com/english/advisories/2010/1185
exchange.xforce.ibmcloud.com/vulnerabilities/50348
More