xorg-x11: arbitrary command execution as root [LWN.net]

Package(s):

xorg-x11

CVE #(s):

CVE-2011-0465

Created:

April 6, 2011

Updated:

June 13, 2011

Description:

From the X.Org advisory:

By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb.

These specially crafted hostnames can occur in two environments:

Hosts that set their hostname via DHCP
Hosts that allow remote logins via xdmcp

Alerts:

Gentoo	201412-09	racer-bin, fmod, PEAR-Mail, lvm2, gnucash, xine-lib, lastfmplayer, webkit-gtk, shadow, PEAR-PEAR, unixODBC, resource-agents, mrouted, rsync, xmlsec, xrdb, vino, oprofile, syslog-ng, sflowtool, gdm, libsoup, ca-certificates, gitolite, qt-creator	2014-12-11
Fedora	FEDORA-2011-4879	xorg-x11-server-utils	2011-04-06
CentOS	CESA-2011:0432	xorg-x11	2011-04-19
Fedora	FEDORA-2011-4871	xorg-x11-server-utils	2011-04-06
CentOS	CESA-2011:0433	xorg-x11-server-utils	2011-04-14
SUSE	SUSE-SA:2011:016	xorg-x11	2011-04-13
Slackware	SSA:2011-096-01	xrdb	2011-04-12
Red Hat	RHSA-2011:0433-01	xorg-x11-server-utils	2011-04-11
Red Hat	RHSA-2011:0432-01	xorg-x11	2011-04-11
Debian	DSA-2213-1	x11-xserver-utils	2011-04-08
Ubuntu	USN-1107-1	x11-xserver-utils	2011-04-06
openSUSE	openSUSE-SU-2011:0298-1	xorg-x11	2011-04-06
Mandriva	MDVSA-2011:076	xrdb	2011-04-21