oss-sec mailing list archives
Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 6 May 2009 12:10:21 -0400 (EDT)
====================================================== Name: CVE-2009-1573 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1573 Reference: MLIST:[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/05/2 Reference: MLIST:[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Reference: URL:http://www.openwall.com/lists/oss-security/2009/05/05/4 Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678 xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.
Current thread:
- CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Vincent Danen (May 05)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Steven M. Christey (May 06)
- Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Nico Golde (May 05)