CVE-2011-0465: Input Validation
First published: Thu Feb 24 2011(Updated: )
It was found that xrdb, the X server resource database utility, did not properly sanitize system host names, containing shell escape characters, during launch of user graphical session (when the display manager retrieved the system host name from resource database via xrdb). When the display manager was configured to listen for X Display Manager Control Protocol (XDMCP) messages, a remote attacker could use this flaw to remotely execute arbitrary code with the privileges, of the user running the display manager (usually privileged system user, root). On systems, where the XDMCP messages were disabled and the system was configured to retrieve its host name from remote DHCP server, a rogue DHCP server could use this flaw to possibly execute arbitrary code with the privileges of the user running the display manager (usually root) via a specially-crafted host name assigned to the victim host in question. Note: ===== The display managers, shipped with Red Hat Enterprise Linux 4, 5, and 6 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers. The display managers, shipped with Fedora release of 13 and 14 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| X X11 | =r7.0 | |
| X X11 | =r3 | |
| X X11 | =r6.1 | |
| X X11 | =r6.8.0 | |
| Matthias Hopf Xrdb | =1.0.2 | |
| X X11 | =r6.7 | |
| X X11 | =r7.2 | |
| X X11 | =r2 | |
| X X11 | <=r7.6 | |
| X X11 | =r7.1 | |
| X X11 | =r7.5 | |
| X X11 | =r5 | |
| X X11 | =r6.9.0 | |
| X X11 | =r7.3 | |
| X X11 | =r1 | |
| X X11 | =r6.8.1 | |
| X X11 | =r6.4 | |
| Matthias Hopf Xrdb | =1.0.4 | |
| Matthias Hopf Xrdb | <=1.0.8 | |
| Matthias Hopf Xrdb | =1.0.7 | |
| Matthias Hopf Xrdb | =1.0.5 | |
| X X11 | =r4 | |
| X X11 | =r7.4 | |
| Matthias Hopf Xrdb | =1.0.3 | |
| X X11 | =r6.6 | |
| X X11 | =r6.8.2 | |
| X X11 | =r6.5.1 | |
| X X11 | =r6.3 | |
| X X11 | =r6.7.0 | |
| X X11 | =r6 | |
| Matthias Hopf Xrdb | =1.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/44040
- https://bugzilla.redhat.com/show_bug.cgi?id=680196
- http://www.vupen.com/english/advisories/2011/0880
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
- http://www.securityfocus.com/bid/47189
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
- http://secunia.com/advisories/44123
- http://www.debian.org/security/2011/dsa-2213
- http://www.vupen.com/english/advisories/2011/0929
- http://secunia.com/advisories/44082
- http://www.redhat.com/support/errata/RHSA-2011-0432.html
- http://www.vupen.com/english/advisories/2011/0906
- http://secunia.com/advisories/44122
- http://www.vupen.com/english/advisories/2011/0889
- https://lwn.net/Articles/437150/
- http://secunia.com/advisories/44193
- http://www.ubuntu.com/usn/USN-1107-1
- http://secunia.com/advisories/44012
- http://secunia.com/advisories/44010
- http://www.redhat.com/support/errata/RHSA-2011-0433.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
- http://www.vupen.com/english/advisories/2011/0975
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
- http://www.securitytracker.com/id?1025317
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
- http://www.vupen.com/english/advisories/2011/0966
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
- https://rhn.redhat.com/errata/RHSA-2011-0433.html
- https://rhn.redhat.com/errata/RHSA-2011-0432.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696310
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696316
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696317
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0465
- agent/tags
- agent/trending
- vendor/x
- canonical/x x11
- version/x x11/r7.0
- version/x x11/r3
- version/x x11/r6.1
- version/x x11/r6.8.0
- vendor/matthias hopf
- canonical/matthias hopf xrdb
- version/matthias hopf xrdb/1.0.2
- version/x x11/r6.7
- version/x x11/r7.2
- version/x x11/r2
- version/x x11/r7.6
- version/x x11/r7.1
- version/x x11/r7.5
- version/x x11/r5
- version/x x11/r6.9.0
- version/x x11/r7.3
- version/x x11/r1
- version/x x11/r6.8.1
- version/x x11/r6.4
- version/matthias hopf xrdb/1.0.4
- version/matthias hopf xrdb/1.0.8
- version/matthias hopf xrdb/1.0.7
- version/matthias hopf xrdb/1.0.5
- version/x x11/r4
- version/x x11/r7.4
- version/matthias hopf xrdb/1.0.3
- version/x x11/r6.6
- version/x x11/r6.8.2
- version/x x11/r6.5.1
- version/x x11/r6.3
- version/x x11/r6.7.0
- version/x x11/r6
- version/matthias hopf xrdb/1.0.6