Showing 1 - 1 of 1

CVE-2009-1573

Status Candidate

Overview

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Related Files

Ubuntu Security Notice 939-1: Posted May 19, 2010; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 939-1 - L. Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges.; tags | advisory, remote, arbitrary, local, root; systems | linux, ubuntu; advisories | CVE-2009-1573, CVE-2010-1166; SHA-256 | 466665fb9452b0aa9be41ad90905f0c837e714353885c083397f02f9e27b496f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 58 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Ahmet Umit Bayram 4 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

CVE-2009-1573

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems