CVE-2009-1573

Published: May 6, 2009Modified: Apr 23, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Affected (4)

Products: Debian: Debian Linux · Redhat: Fedora · Ubuntu: Linux · +1 more

Show all products

Debian: Debian Linux · Redhat: Fedora · Ubuntu: Linux · Branden Robinson: Xvfb Run

1 product

1 product

1 product

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	All versions
Redhat Fedora	Version 10
Ubuntu Linux	All versions
Branden Robinson Xvfb Run	Version 1.6.1

Related CWEs

CWE-264

References (16)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/39834

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/05/05/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/05/05/4

Source: cve@mitre.org

http://www.securityfocus.com/bid/34828

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-939-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2010/1185

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/50348

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678