CVE-2009-1573 — Robinson Xvfb-run vulnerability

CWE-2648 documents8 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 79.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

X.org Xorg-server Branden Robinson Xvfb-run Redhat Fedora

Timeline

PublishedMay 6

Latest updateMay 2

Description

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages2 packages

▶NVDbranden_robinson/xvfb-run1.6.1

▶Debianx.org/xorg-server< 2:1.6.1.901-3+3

Also affects: Fedora 10

🔴Vulnerability Details

GHSA

GHSA-pw25-xwrj-vvp2: xvfb-run 1↗2022-05-02

▶

OSV

CVE-2009-1573: xvfb-run 1↗2009-05-06

▶

CVEList

CVE-2009-1573: xvfb-run 1↗2009-05-06

▶

📋Vendor Advisories

Ubuntu

X.org vulnerabilities↗2010-05-18

▶

Red Hat

xvfb-run insecurely displays mcookie value↗2009-05-02

▶

Debian

CVE-2009-1573: xorg-server - xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operat...↗2009

▶

💬Community

Bugzilla

CVE-2009-1573 xvfb-run insecurely displays mcookie value↗2009-05-05

▶