CVE-2011-0465

Related Files

Mandriva Linux Security Advisory 2011-076

Posted Apr 21, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a XDMCP message.

tags | advisory, remote, arbitrary, shell

systems | linux, mandriva

advisories | CVE-2011-0465

SHA-256 | 98c29e489c7a3034e37fef43ea71869d0f15c136da08b86e735d49fce054a15a

Download | Favorite | View

Debian Security Advisory 2213-1

Posted Apr 9, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2213-1 - Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the attacker is able to place a rogue DHCP server into the victims network.

tags | advisory, remote, arbitrary, root

systems | linux, debian

advisories | CVE-2011-0465

SHA-256 | fcc6619ce6b7f72bd77b82194eaaccac5949dc8930ed5b9ec96a2cfa03d9660d

Download | Favorite | View

Ubuntu Security Notice USN-1107-1

Posted Apr 6, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1107-1 - Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation.

tags | advisory, remote, arbitrary, root

systems | linux, ubuntu

advisories | CVE-2011-0465

SHA-256 | 2aead4c5c3997792e40047475fdd54a49a7f75e90e4569be899aaca5b57c23cc

Download | Favorite | View