OpenCVE

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Branden Robinson	Xvfb-run
Debian	Debian Linux
Redhat	Fedora
Ubuntu	Linux

Configuration 1 [-]

AND

OR	cpe:2.3:o:debian:debian_linux::::::::
	cpe:2.3:o:redhat:fedora:10:::::::*
	cpe:2.3:o:ubuntu:linux::::::::

cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678
http://secunia.com/advisories/39834
http://www.openwall.com/lists/oss-security/2009/05/05/2
http://www.openwall.com/lists/oss-security/2009/05/05/4
http://www.securityfocus.com/bid/34828
http://www.ubuntu.com/usn/USN-939-1
http://www.vupen.com/english/advisories/2010/1185
https://exchange.xforce.ibmcloud.com/vulnerabilities/50348
https://nvd.nist.gov/vuln/detail/CVE-2009-1573
https://www.cve.org/CVERecord?id=CVE-2009-1573

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-06T17:00:00

Updated: 2024-08-07T05:20:34.939Z

Reserved: 2009-05-06T00:00:00

Link: CVE-2009-1573

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-05-06T17:30:09.797

Modified: 2017-08-17T01:30:24.710

Link: CVE-2009-1573

Redhat

Severity : Low

Publid Date: 2009-05-02T00:00:00Z

Links: CVE-2009-1573 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-05T00:00:00", "descriptions": [{"lang": "en", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"}, {"name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"}, {"name": "39834", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39834"}, {"name": "34828", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/34828"}, {"name": "xvfbrun-magiccookie-info-disclosure(50348)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"}, {"name": "ADV-2010-1185", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1185"}, {"name": "USN-939-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-939-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1573", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"}, {"name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"}, {"name": "39834", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39834"}, {"name": "34828", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34828"}, {"name": "xvfbrun-magiccookie-info-disclosure(50348)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"}, {"name": "ADV-2010-1185", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1185"}, {"name": "USN-939-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-939-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:20:34.939Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"}, {"name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"}, {"name": "39834", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39834"}, {"name": "34828", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/34828"}, {"name": "xvfbrun-magiccookie-info-disclosure(50348)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"}, {"name": "ADV-2010-1185", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1185"}, {"name": "USN-939-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-939-1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1573", "datePublished": "2009-05-06T17:00:00", "dateReserved": "2009-05-06T00:00:00", "dateUpdated": "2024-08-07T05:20:34.939Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*", "matchCriteriaId": "BA70E035-8475-4046-ABD7-5AE59F874EBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*", "matchCriteriaId": "84BB6CD8-43ED-4998-8D68-6934B93EA833", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E4D5938-DC01-4CA6-A493-A34FB2EEEA14", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."}, {"lang": "es", "value": "xvfb-run v1.6.1 en Debian GNU/Linux, Ubuntu, Fedora 10 y posiblemente otros sistemas operativos, ubican la magic cookie (MCOOKIE) en la l\u00ednea de comandos, lo que permite a usuarios locales obtener privilegios listando los procesos y sus argumentos."}], "id": "CVE-2009-1573", "lastModified": "2017-08-17T01:30:24.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-06T17:30:09.797", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/39834"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34828"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-939-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/1185"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}