CVE-2011-0465: Input Validation
First published: Thu Feb 24 2011(Updated: )
It was found that xrdb, the X server resource database utility, did not properly sanitize system host names, containing shell escape characters, during launch of user graphical session (when the display manager retrieved the system host name from resource database via xrdb). When the display manager was configured to listen for X Display Manager Control Protocol (XDMCP) messages, a remote attacker could use this flaw to remotely execute arbitrary code with the privileges, of the user running the display manager (usually privileged system user, root). On systems, where the XDMCP messages were disabled and the system was configured to retrieve its host name from remote DHCP server, a rogue DHCP server could use this flaw to possibly execute arbitrary code with the privileges of the user running the display manager (usually root) via a specially-crafted host name assigned to the victim host in question. Note: ===== The display managers, shipped with Red Hat Enterprise Linux 4, 5, and 6 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers. The display managers, shipped with Fedora release of 13 and 14 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X11 Fonts Utilities | =r7.0 | |
| X11 Fonts Utilities | =r3 | |
| X11 Fonts Utilities | =r6.1 | |
| X11 Fonts Utilities | =r6.8.0 | |
| xrdb | =1.0.2 | |
| X11 Fonts Utilities | =r6.7 | |
| X11 Fonts Utilities | =r7.2 | |
| X11 Fonts Utilities | =r2 | |
| X11 Fonts Utilities | <=r7.6 | |
| X11 Fonts Utilities | =r7.1 | |
| X11 Fonts Utilities | =r7.5 | |
| X11 Fonts Utilities | =r5 | |
| X11 Fonts Utilities | =r6.9.0 | |
| X11 Fonts Utilities | =r7.3 | |
| X11 Fonts Utilities | =r1 | |
| X11 Fonts Utilities | =r6.8.1 | |
| X11 Fonts Utilities | =r6.4 | |
| xrdb | =1.0.4 | |
| xrdb | <=1.0.8 | |
| xrdb | =1.0.7 | |
| xrdb | =1.0.5 | |
| X11 Fonts Utilities | =r4 | |
| X11 Fonts Utilities | =r7.4 | |
| xrdb | =1.0.3 | |
| X11 Fonts Utilities | =r6.6 | |
| X11 Fonts Utilities | =r6.8.2 | |
| X11 Fonts Utilities | =r6.5.1 | |
| X11 Fonts Utilities | =r6.3 | |
| X11 Fonts Utilities | =r6.7.0 | |
| X11 Fonts Utilities | =r6 | |
| xrdb | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/44040
- https://bugzilla.redhat.com/show_bug.cgi?id=680196
- http://www.vupen.com/english/advisories/2011/0880
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
- http://www.securityfocus.com/bid/47189
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
- http://secunia.com/advisories/44123
- http://www.debian.org/security/2011/dsa-2213
- http://www.vupen.com/english/advisories/2011/0929
- http://secunia.com/advisories/44082
- http://www.redhat.com/support/errata/RHSA-2011-0432.html
- http://www.vupen.com/english/advisories/2011/0906
- http://secunia.com/advisories/44122
- http://www.vupen.com/english/advisories/2011/0889
- https://lwn.net/Articles/437150/
- http://secunia.com/advisories/44193
- http://www.ubuntu.com/usn/USN-1107-1
- http://secunia.com/advisories/44012
- http://secunia.com/advisories/44010
- http://www.redhat.com/support/errata/RHSA-2011-0433.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
- http://www.vupen.com/english/advisories/2011/0975
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
- http://www.securitytracker.com/id?1025317
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
- http://www.vupen.com/english/advisories/2011/0966
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
- https://rhn.redhat.com/errata/RHSA-2011-0433.html
- https://rhn.redhat.com/errata/RHSA-2011-0432.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696310
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696316
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696317
Frequently Asked Questions
What is the severity of CVE-2011-0465?
The severity of CVE-2011-0465 is typically rated as medium, indicating that it can potentially lead to security risks if not addressed.
How do I fix CVE-2011-0465?
To fix CVE-2011-0465, users should update to the latest patched version of the affected software, particularly the X.Org Server or xrdb.
Which software versions are affected by CVE-2011-0465?
CVE-2011-0465 affects multiple versions of X.Org Server, specifically from r1 to r7.6, as well as specific versions of xrdb including 1.0.2, 1.0.4, 1.0.7, 1.0.6, etc.
What type of vulnerability is CVE-2011-0465?
CVE-2011-0465 is a security vulnerability that involves improper sanitization of system hostnames, which could allow for shell escape attacks.
Who is impacted by CVE-2011-0465?
Users of the affected versions of X.Org Server and xrdb, particularly those running graphical sessions on vulnerable systems, are impacted by CVE-2011-0465.
- agent/type
- agent/first-publish-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0465
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/x
- canonical/x11 fonts utilities
- version/x11 fonts utilities/r7.0
- version/x11 fonts utilities/r3
- version/x11 fonts utilities/r6.1
- version/x11 fonts utilities/r6.8.0
- vendor/matthias hopf
- canonical/xrdb
- version/xrdb/1.0.2
- version/x11 fonts utilities/r6.7
- version/x11 fonts utilities/r7.2
- version/x11 fonts utilities/r2
- version/x11 fonts utilities/r7.6
- version/x11 fonts utilities/r7.1
- version/x11 fonts utilities/r7.5
- version/x11 fonts utilities/r5
- version/x11 fonts utilities/r6.9.0
- version/x11 fonts utilities/r7.3
- version/x11 fonts utilities/r1
- version/x11 fonts utilities/r6.8.1
- version/x11 fonts utilities/r6.4
- version/xrdb/1.0.4
- version/xrdb/1.0.8
- version/xrdb/1.0.7
- version/xrdb/1.0.5
- version/x11 fonts utilities/r4
- version/x11 fonts utilities/r7.4
- version/xrdb/1.0.3
- version/x11 fonts utilities/r6.6
- version/x11 fonts utilities/r6.8.2
- version/x11 fonts utilities/r6.5.1
- version/x11 fonts utilities/r6.3
- version/x11 fonts utilities/r6.7.0
- version/x11 fonts utilities/r6
- version/xrdb/1.0.6