Unrated severityNVD Advisory· Published May 6, 2009· Updated Apr 23, 2026

CVE-2009-1573

Description

xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments.

Affected products

Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
Red Hat/Fedora
cpe:2.3:o:redhat:fedora:10:*:*:*:*:*:*:*
Ubuntu/Linux
cpe:2.3:o:ubuntu:linux:*:*:*:*:*:*:*:*
Branden Robinson/Xvfb Run
cpe:2.3:a:branden_robinson:xvfb-run:1.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvdExploitVendor Advisory
secunia.com/advisories/39834nvd
www.openwall.com/lists/oss-security/2009/05/05/2nvd
www.openwall.com/lists/oss-security/2009/05/05/4nvd
www.securityfocus.com/bid/34828nvd
www.ubuntu.com/usn/USN-939-1nvd
www.vupen.com/english/advisories/2010/1185nvd
exchange.xforce.ibmcloud.com/vulnerabilities/50348nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000