CVE 2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Related bugs and status
CVE-2009-1573 (Candidate) is related to these bugs:
Bug #403316: dpkg: warning: obsolete option '--print-installation-architecture'
Bug #551193: typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | xorg-server (Ubuntu) | High | Fix Released | ||
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | X.Org X server | High | Fix Released | ||
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | xorg-server (Ubuntu Hardy) | Undecided | Fix Released | ||
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | xorg-server (Ubuntu Jaunty) | Undecided | Fix Released | ||
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | xorg-server (Ubuntu Karmic) | Undecided | Fix Released | ||
551193 | typo in mod() macro leads to 3rd-party controllable Xorg crash/exploit | xorg-server (Ubuntu Lucid) | High | Fix Released |
See the
CVE page on Mitre.org
for more details.