Mandriva Linux Security Advisory 2011-076

Posted Apr 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP or XDMCP message.

tags | advisory, remote, arbitrary, shell
systems | linux, mandriva
advisories | CVE-2011-0465
SHA-256 | 98c29e489c7a3034e37fef43ea71869d0f15c136da08b86e735d49fce054a15a

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:076
http://www.mandriva.com/security/
_______________________________________________________________________

Package : xrdb
Date : April 21, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in xrdb:

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote
attackers to execute arbitrary commands via shell metacharacters in a
hostname obtained from a (1) DHCP or (2) XDMCP message (CVE-2011-0465).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0465
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
60ecd2dcd071e0bf9b3afe883089c1e8 2009.0/i586/xrdb-1.0.5-2.1mdv2009.0.i586.rpm
c54552dc2be1d209306d10485c51a58f 2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
f30e9837ea55b7e8ca3b07df10f6d3da 2009.0/x86_64/xrdb-1.0.5-2.1mdv2009.0.x86_64.rpm
c54552dc2be1d209306d10485c51a58f 2009.0/SRPMS/xrdb-1.0.5-2.1mdv2009.0.src.rpm

Mandriva Linux 2010.0:
427c231f890f19d1795ebbdfdf1666bd 2010.0/i586/xrdb-1.0.5-3.1mdv2010.0.i586.rpm
9343722a33c12c0dbc2737fd594fa187 2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
9fa3abb96735f0ca635cb291e50bb752 2010.0/x86_64/xrdb-1.0.5-3.1mdv2010.0.x86_64.rpm
9343722a33c12c0dbc2737fd594fa187 2010.0/SRPMS/xrdb-1.0.5-3.1mdv2010.0.src.rpm

Mandriva Linux 2010.1:
0985cb845115c17162f54c0ed817eb29 2010.1/i586/xrdb-1.0.6-1.1mdv2010.2.i586.rpm
bddf6ad2c3f0962a7a5cacd9dd4e16d5 2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
f2bdd265ca0750ff8e056d47fcccd395 2010.1/x86_64/xrdb-1.0.6-1.1mdv2010.2.x86_64.rpm
bddf6ad2c3f0962a7a5cacd9dd4e16d5 2010.1/SRPMS/xrdb-1.0.6-1.1mdv2010.2.src.rpm

Corporate 4.0:
5225e55fb24c725fc8f460354fd7caf7 corporate/4.0/i586/libxorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
b6bfd335354d16f7e0c09999ce2f3f81 corporate/4.0/i586/libxorg-x11-devel-6.9.0-5.19.20060mlcs4.i586.rpm
fc5b84b8ce7857ed2c2029db2e4d564d corporate/4.0/i586/libxorg-x11-static-devel-6.9.0-5.19.20060mlcs4.i586.rpm
54532ced01faa7ce715991ff371611f7 corporate/4.0/i586/X11R6-contrib-6.9.0-5.19.20060mlcs4.i586.rpm
8e3fb2bd5b943c12cd63da5e17b50436 corporate/4.0/i586/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
80029cb36d7a9fa098cd6866998b3156 corporate/4.0/i586/xorg-x11-6.9.0-5.19.20060mlcs4.i586.rpm
22ef9b6ab80d926a434e9d3d9fb27028 corporate/4.0/i586/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
9988917b19a5a0eadc44c763e2d66db8 corporate/4.0/i586/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.i586.rpm
5d6cf097cd197521bed55207151a8262 corporate/4.0/i586/xorg-x11-doc-6.9.0-5.19.20060mlcs4.i586.rpm
a91cad9347cd3d0579a6be84d8267d6a corporate/4.0/i586/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.i586.rpm
321500342b29f25beaa5e27f26837fb2 corporate/4.0/i586/xorg-x11-server-6.9.0-5.19.20060mlcs4.i586.rpm
0abec00155e0a5fe9a392f136b1bfb7b corporate/4.0/i586/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.i586.rpm
d4bfbd64a6b68bb64fd2c795610fbf6d corporate/4.0/i586/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.i586.rpm
9651e47d4a3644c001843bb10cc4edb7 corporate/4.0/i586/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.i586.rpm
723cb1007017996b97e633981865c806 corporate/4.0/i586/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.i586.rpm
03c42c17b7cc519640b0a055928a9cb5 corporate/4.0/i586/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.i586.rpm
ea4dcdd36bc60ce19338790610c04af1 corporate/4.0/i586/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.i586.rpm
6b2b79934268dfbaa76700ba6d737247 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
107e45d41b6158e309254f7f0375f4be corporate/4.0/x86_64/lib64xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
08609d94b50950755e27b3df08c4bd07 corporate/4.0/x86_64/lib64xorg-x11-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
e7b6b41d67065c7de38adec514edbe94 corporate/4.0/x86_64/lib64xorg-x11-static-devel-6.9.0-5.19.20060mlcs4.x86_64.rpm
1120443bea193b407062834d65047977 corporate/4.0/x86_64/X11R6-contrib-6.9.0-5.19.20060mlcs4.x86_64.rpm
df714fcee04af6889907be7ba91c3dd9 corporate/4.0/x86_64/xorg-x11-100dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
76e13eace2a5859b2e04d20d5b303835 corporate/4.0/x86_64/xorg-x11-6.9.0-5.19.20060mlcs4.x86_64.rpm
b790aea2730d014ce9605818b4f16ae9 corporate/4.0/x86_64/xorg-x11-75dpi-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
edb96b1bd7d6606565fccd16f36526db corporate/4.0/x86_64/xorg-x11-cyrillic-fonts-6.9.0-5.19.20060mlcs4.x86_64.rpm
ea46c3d077a291bbf6f858c32ef81975 corporate/4.0/x86_64/xorg-x11-doc-6.9.0-5.19.20060mlcs4.x86_64.rpm
3cd6a0062ba54222aadb6035655ea015 corporate/4.0/x86_64/xorg-x11-glide-module-6.9.0-5.19.20060mlcs4.x86_64.rpm
9bf18b5203c3c9932ab041a2772eba7f corporate/4.0/x86_64/xorg-x11-server-6.9.0-5.19.20060mlcs4.x86_64.rpm
61887ebe914f98d873b7bf958db70dba corporate/4.0/x86_64/xorg-x11-xauth-6.9.0-5.19.20060mlcs4.x86_64.rpm
c61265b4bb19e133688a093238d699c5 corporate/4.0/x86_64/xorg-x11-Xdmx-6.9.0-5.19.20060mlcs4.x86_64.rpm
66bedef6b606dcf6ac337e86b8e0c7a1 corporate/4.0/x86_64/xorg-x11-xfs-6.9.0-5.19.20060mlcs4.x86_64.rpm
fb2b9bda00c1b90e341b5e59409f8a8a corporate/4.0/x86_64/xorg-x11-Xnest-6.9.0-5.19.20060mlcs4.x86_64.rpm
5008a8450fa211b14d7fa8c779b9ecac corporate/4.0/x86_64/xorg-x11-Xprt-6.9.0-5.19.20060mlcs4.x86_64.rpm
f983f06870856e2005f54d42d7689285 corporate/4.0/x86_64/xorg-x11-Xvfb-6.9.0-5.19.20060mlcs4.x86_64.rpm
6b2b79934268dfbaa76700ba6d737247 corporate/4.0/SRPMS/xorg-x11-6.9.0-5.19.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
177da11f1c81a977b82b7959ab52feee mes5/i586/xrdb-1.0.5-2.1mdvmes5.2.i586.rpm
8092d340dad307ec0bba8f2944ab1cd9 mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm

Mandriva Enterprise Server 5/X86_64:
62130274606d98bf1a47e3d0117bbe34 mes5/x86_64/xrdb-1.0.5-2.1mdvmes5.2.x86_64.rpm
8092d340dad307ec0bba8f2944ab1cd9 mes5/SRPMS/xrdb-1.0.5-2.1mdvmes5.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNsB8omqjQ0CJFipgRAnvnAKCE0gWGkUELc62dOa9WlADcuyzzHwCg84vd
2hKoj4onH9OWCRgEar4H72o=
=LBGQ
-----END PGP SIGNATURE-----
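
The flaw class named in the Problem Description, a network-supplied hostname reaching a shell command line, is avoided by rejecting anything that is not a syntactically valid hostname and by passing the value as a single argv element instead of through a shell. The C code below is an added example, not xrdb's code or the Mandriva patch; the function names, the CLIENTHOST macro name and the sample hostnames are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* 1 if host is a valid RFC 1123 hostname: dot-separated labels of 1-63
 * chars from [A-Za-z0-9-], no label starting or ending with '-', total
 * length 1-253. Shell metacharacters, spaces and quotes all fail. */
int is_safe_hostname(const char *host)
{
    size_t len, i, label = 0;
    if (host == NULL || (len = strlen(host)) == 0 || len > 253)
        return 0;
    for (i = 0; i < len; i++) {
        char c = host[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (c == '.') {
            if (label == 0 || host[i - 1] == '-')
                return 0;           /* empty label or label ending in '-' */
            label = 0;
        } else if (alnum || (c == '-' && label > 0)) {
            if (++label > 63)
                return 0;           /* label too long */
        } else {
            return 0;               /* anything else, including ; ` $ | */
        }
    }
    return label > 0 && host[len - 1] != '-';
}

/* Writes "-D<name>=<host>" into out as ONE argv element for execvp(), so
 * no shell parses it. Returns 0 on success, -1 if unsafe or out too small. */
int build_define(char *out, size_t outsz, const char *name, const char *host)
{
    int n;
    if (!is_safe_hostname(host))
        return -1;
    n = snprintf(out, outsz, "-D%s=%s", name, host);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char *samples[] = { "ws12.example.org", "host;id", "a..b" };
    char arg[300];
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> %s\n", samples[i],
               build_define(arg, sizeof arg, "CLIENTHOST", samples[i]) ? "rejected" : arg);
    return 0;
}
```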