CVE-2009-1573

Name of the Vulnerable Software and Affected Versions: xvfb-run version 1.6.1

Description: The issue allows local users to gain privileges by listing the process and its arguments, as the magic cookie (MCOOKIE) is placed on the command line. This is a problem in xvfb-run 1.6.1, affecting Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems.

Recommendations: For xvfb-run version 1.6.1, consider restricting access to the command line arguments to minimize the risk of exploitation. As a temporary workaround, avoid using the command line to list processes and their arguments until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.