oss-sec mailing list archives
CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Tue, 5 May 2009 16:59:05 +0200
Hi Steve, can I get a CVE id for http://bugs.debian.org/526678 The xvfb-run script used in Debian insecurely passes the X magic cookie via the commandline so it's an easy thing to grab it with system access. Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Vincent Danen (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Steven M. Christey (May 06)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)