FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2011-0465

This CVE name corresponds to:

Entered     Topic
2011-04-14  xrdb -- root hole via rogue hostname

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type   Candidate
Name   CVE-2011-0465
Phase  Assigned (20110114)

Description

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

References

Source Reference
MLIST [xorg-announce] 20110405 X.Org security advisory: root hole via rogue hostname
MLIST [xorg-announce] 20110405 xrdb 1.0.9
CONFIRM http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=680196
DEBIAN DSA-2213
FEDORA FEDORA-2011-4871
MANDRIVA MDVSA-2011:076
REDHAT RHSA-2011:0432
REDHAT RHSA-2011:0433
SLACKWARE SSA:2011-096-01
SUSE SUSE-SA:2011:016
SUSE openSUSE-SU-2011:0298
UBUNTU USN-1107-1
BID 47189
SECTRACK 1025317
SECUNIA 44040
SECUNIA 44010
SECUNIA 44012
SECUNIA 44082
SECUNIA 44122
SECUNIA 44123
SECUNIA 44193
VUPEN ADV-2011-0880
VUPEN ADV-2011-0889
VUPEN ADV-2011-0906
VUPEN ADV-2011-0929
VUPEN ADV-2011-0966
VUPEN ADV-2011-0975
XF xorg11-xrdb-command-execution(66585)