REDHAT-BUG-680196
First published: Thu Feb 24 2011(Updated: )
It was found that xrdb, the X server resource database utility, did not properly sanitize system host names, containing shell escape characters, during launch of user graphical session (when the display manager retrieved the system host name from resource database via xrdb). When the display manager was configured to listen for X Display Manager Control Protocol (XDMCP) messages, a remote attacker could use this flaw to remotely execute arbitrary code with the privileges, of the user running the display manager (usually privileged system user, root). On systems, where the XDMCP messages were disabled and the system was configured to retrieve its host name from remote DHCP server, a rogue DHCP server could use this flaw to possibly execute arbitrary code with the privileges of the user running the display manager (usually root) via a specially-crafted host name assigned to the victim host in question. Note: ===== The display managers, shipped with Red Hat Enterprise Linux 4, 5, and 6 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers. The display managers, shipped with Fedora release of 13 and 14 do not listen for remote XDMCP messages in the default configuration, which mitigates this security flaw to be exploitable only by rogue remote DHCP servers.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux | >=4<7 | |
| Fedora | >=13<15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
- https://rhn.redhat.com/errata/RHSA-2011-0433.html
- https://rhn.redhat.com/errata/RHSA-2011-0432.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=680196#c11
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696310
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696316
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=696317
- https://bugzilla.redhat.com/show_bug.cgi?id=680196
Frequently Asked Questions
What is the severity of REDHAT-BUG-680196?
The severity of REDHAT-BUG-680196 is moderate due to potential exploitation via injection of shell escape characters.
How do I fix REDHAT-BUG-680196?
To fix REDHAT-BUG-680196, update your system to the latest versions of Red Hat Enterprise Linux or Fedora that include the patched xrdb utility.
What versions are affected by REDHAT-BUG-680196?
REDHAT-BUG-680196 affects Red Hat Enterprise Linux versions 4 to 7 and Fedora versions 13 to 15.
What component is primarily involved in REDHAT-BUG-680196?
The primary component involved in REDHAT-BUG-680196 is the xrdb utility, which is used for managing the X server resource database.
What type of vulnerability is REDHAT-BUG-680196 classified as?
REDHAT-BUG-680196 is classified as a command injection vulnerability due to improper sanitization of system host names.
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-0465
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/red hat
- canonical/red hat enterprise linux
- vendor/fedora
- canonical/fedora