Local Privilege Escalation Vulnerability in xvfb-run on Multiple Linux Distributions
CVE-2009-1573

Currently unrated

Key Information:

Vendor: Debian
Status: Debian Linux; Fedora; Linux; Xvfb-run
Vendor: CVE Published:; 6 May 2009

Summary

The xvfb-run utility in version 1.6.1 for Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems contains a security flaw. This vulnerability arises when the magic cookie (MCOOKIE) is exposed on the command line, enabling local users to enumerate running processes along with their arguments. As a result, an unauthorized user could potentially exploit this access to escalate their privileges within the system.

References

http://www.openwall.com/lists/oss-security/2009/05/05/2

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2009/05/05/4

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678

x_refsource_CONFIRM

Timeline

Vulnerability published
May 6, 2009
Vulnerability Reserved
May 6, 2009