CVE-2011-0465

Published: Apr 8, 2011Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Affected (31)

Products: Matthias Hopf: Xrdb · X: X11

Matthias Hopf

1 product

Xrdb

1 product

X11

Configuration A

31 vulnerable

Vulnerable Software	Affected Versions
Matthias Hopf Xrdb	Up to 1.0.8
Matthias Hopf Xrdb	Version 1.0.2
Matthias Hopf Xrdb	Version 1.0.3
Matthias Hopf Xrdb	Version 1.0.4
Matthias Hopf Xrdb	Version 1.0.5
Matthias Hopf Xrdb	Version 1.0.6
Matthias Hopf Xrdb	Version 1.0.7
X X11	Up to r7.6
X X11	Version r1
X X11	Version r2
X X11	Version r3
X X11	Version r4
X X11	Version r5
X X11	Version r6.1
X X11	Version r6.3
X X11	Version r6.4
X X11	Version r6.5.1
X X11	Version r6.6
X X11	Version r6.7.0
X X11	Version r6.7
X X11	Version r6.8.0
X X11	Version r6.8.1
X X11	Version r6.8.2
X X11	Version r6.9.0
X X11	Version r6
X X11	Version r7.0
X X11	Version r7.1
X X11	Version r7.2
X X11	Version r7.3
X X11	Version r7.4
X X11	Version r7.5

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (58)

http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56

Source: cve@mitre.org

Patch

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html

Source: cve@mitre.org

http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html

Source: cve@mitre.org

Patch

http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html

Source: cve@mitre.org

Patch

http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/44010

Source: cve@mitre.org

http://secunia.com/advisories/44012

Source: cve@mitre.org

http://secunia.com/advisories/44040

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/44082

Source: cve@mitre.org

http://secunia.com/advisories/44122

Source: cve@mitre.org

http://secunia.com/advisories/44123

Source: cve@mitre.org

http://secunia.com/advisories/44193

Source: cve@mitre.org

http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748

Source: cve@mitre.org

http://www.debian.org/security/2011/dsa-2213

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2011:076

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2011-0432.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2011-0433.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/47189

Source: cve@mitre.org

http://www.securitytracker.com/id?1025317

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-1107-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0880

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0889

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0906

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0929

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0966

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0975

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=680196

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/66585

Source: cve@mitre.org

https://lwn.net/Articles/437150/

Source: cve@mitre.org

http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56