7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:S/C:C/I:C/A:C
7 High
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
82.8%
Loïc Minier discovered that xvfb-run did not correctly keep the
X.org session cookie private. A local attacker could gain access
to any local sessions started by xvfb-run. Ubuntu 9.10 was not
affected. (CVE-2009-1573)
It was discovered that the X.org server did not correctly handle
certain calculations. A remote attacker could exploit this to
crash the X.org session or possibly run arbitrary code with root
privileges. (CVE-2010-1166)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | xserver-xorg-core | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xdmx | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xdmx-tools | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xnest | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xserver-xephyr | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xserver-xfbdev | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xserver-xorg-core-dbg | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xserver-xorg-dev | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.10 | noarch | xvfb | < 2:1.6.4-2ubuntu4.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | xserver-xorg-core | < 2:1.6.0-0ubuntu14.2 | UNKNOWN |