Published: 08/04/2011 Updated: 17/08/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

xrdb.c in xrdb prior to 1.0.9 in X.Org X11R7.6 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
x x11
x x11 r7.5
matthias hopf xrdb 1.0.6
matthias hopf xrdb 1.0.5
matthias hopf xrdb 1.0.4
x x11 r6.8.0
x x11 r6.7.0
x x11 r6
x x11 r5
matthias hopf xrdb
matthias hopf xrdb 1.0.7
x x11 r6.8.2
x x11 r6.8.1
x x11 r6.3
x x11 r6.1
x x11 r7.2
x x11 r7.1
x x11 r7.0
x x11 r6.9.0
x x11 r6.5.1
x x11 r6.4
x x11 r2
x x11 r1
x x11 r7.4
x x11 r7.3
matthias hopf xrdb 1.0.3
matthias hopf xrdb 1.0.2
x x11 r6.7
x x11 r6.6
x x11 r4
x x11 r3

Debian Bug report logs - #621423 /usr/bin/xrdb: xdmcp rogue hostname security Package: x11-xserver-utils; Maintainer for x11-xserver-utils is Debian X Strike Force <debian-x@listsdebianorg>; Source for x11-xserver-utils is src:x11-xserver-utils (PTS, buildd, popcon) Reported by: Paul Szabo <paulszabo@sydneyeduau> ...

An attacker could send crafted input to xrdb and cause it to run programs as root ...

Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility, is not properly filtering crafted hostnames This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the attacker is able to place a rogue DHCP server into the v ...

CWE-20 http://secunia.com/advisories/44040 https://bugzilla.redhat.com/show_bug.cgi?id=680196 http://www.vupen.com/english/advisories/2011/0880 http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html http://www.securityfocus.com/bid/47189 http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 http://secunia.com/advisories/44123 http://www.debian.org/security/2011/dsa-2213 http://www.vupen.com/english/advisories/2011/0929 http://secunia.com/advisories/44082 http://www.redhat.com/support/errata/RHSA-2011-0432.html http://www.vupen.com/english/advisories/2011/0906 http://secunia.com/advisories/44122 http://www.vupen.com/english/advisories/2011/0889 https://lwn.net/Articles/437150/http://secunia.com/advisories/44193 http://www.ubuntu.com/usn/USN-1107-1 http://secunia.com/advisories/44012 http://secunia.com/advisories/44010 http://www.redhat.com/support/errata/RHSA-2011-0433.html http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748 http://www.vupen.com/english/advisories/2011/0975 http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html http://www.securitytracker.com/id?1025317 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html http://www.vupen.com/english/advisories/2011/0966 http://www.mandriva.com/security/advisories?name=MDVSA-2011:076 https://exchange.xforce.ibmcloud.com/vulnerabilities/66585 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621423 https://usn.ubuntu.com/1107-1/https://nvd.nist.gov

CVE-2011-0465

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect