CVE-2009-1573
Published: 6 May 2009
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Priority
Status
Package | Release | Status |
---|---|---|
xorg-server Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Released
(2:1.4.1~git20080131-1ubuntu9.3)
|
|
intrepid |
Ignored
(end of life, was needed)
|
|
jaunty |
Released
(2:1.6.0-0ubuntu14.2)
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
upstream |
Not vulnerable
(code not present)
|
|
Patches: vendor: http://git.debian.org/?p=pkg-xorg/xserver/xorg-server.git;a=commitdiff;h=ecf09e571198ee16256a5efd1c23fd286a4f2249;hp=cbccf51785b500f51dc974ed05f5512181d4c51f |