Vulnerability Details : CVE-2009-1573
xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems places the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Exploit prediction scoring system (EPSS) score for CVE-2009-1573
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2009-1573
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST |
CWE ids for CVE-2009-1573
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1573
- http://www.ubuntu.com/usn/USN-939-1 (USN-939-1: X.org vulnerabilities | Ubuntu security notices)
- http://www.securityfocus.com/bid/34828
- http://www.vupen.com/english/advisories/2010/1185
- http://www.openwall.com/lists/oss-security/2009/05/05/2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50348
- http://www.openwall.com/lists/oss-security/2009/05/05/4
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 (Exploit; Vendor Advisory)
Products affected by CVE-2009-1573
- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*
- cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*