Mandriva Linux Security Advisory 2011-076 - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a XDMCP message.
98c29e489c7a3034e37fef43ea71869d0f15c136da08b86e735d49fce054a15a
Debian Linux Security Advisory 2213-1 - Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility, is not properly filtering crafted hostnames. This allows a remote attacker to execute arbitrary code with root privileges given that either remote logins via xdmcp are allowed or the attacker is able to place a rogue DHCP server into the victims network.
fcc6619ce6b7f72bd77b82194eaaccac5949dc8930ed5b9ec96a2cfa03d9660d
Ubuntu Security Notice 1107-1 - Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation.
2aead4c5c3997792e40047475fdd54a49a7f75e90e4569be899aaca5b57c23cc