Vulnerability Details : CVE-2011-0465
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
Products affected by CVE-2011-0465
- cpe:2.3:a:x:x11:*:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.3:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.5:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r5:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.3:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.1:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.2:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.1:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.0:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.4:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r2:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r1:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r7.4:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.7:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r6.6:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r4:*:*:*:*:*:*:*
- cpe:2.3:a:x:x11:r3:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:*:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:matthias_hopf:xrdb:1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-0465
EPSS score: 9.44% (probability of exploitation activity in the next 30 days)
Percentile: ~92% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-0465
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
CWE ids for CVE-2011-0465
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0465
- http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
  [security-announce] SUSE Security Announcement: xorg-x11 (SUSE-SA:2011:0
- http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
  xorg/app/xrdb - X server resource database utility (mirrored from https://gitlab.freedesktop.org/xorg/app/xrdb) (tag: Patch)
- http://secunia.com/advisories/44123
- https://bugzilla.redhat.com/show_bug.cgi?id=680196
  680196 – (CVE-2011-0465) CVE-2011-0465 xorg: xrdb code execution via crafted X client hostname (tag: Patch)
- http://www.ubuntu.com/usn/USN-1107-1
  USN-1107-1: x11-xserver-utils vulnerability | Ubuntu security notices
- http://www.vupen.com/english/advisories/2011/0966
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
  [ANNOUNCE] xrdb 1.0.9 (tag: Patch)
- http://www.vupen.com/english/advisories/2011/0880
  (tag: Vendor Advisory)
- http://secunia.com/advisories/44082
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
  The Slackware Linux Project: Slackware Security Advisories
- http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
  [ANNOUNCE] X.Org security advisory: root hole via rogue hostname (tag: Patch)
- https://lwn.net/Articles/437150/
  openSUSE alert openSUSE-SU-2011:0298-1 (xorg-x11) [LWN.net]
- http://www.vupen.com/english/advisories/2011/0906
- http://www.redhat.com/support/errata/RHSA-2011-0433.html
- http://secunia.com/advisories/44122
- http://www.vupen.com/english/advisories/2011/0929
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
  X.Org X11 xrdb utility command execution CVE-2011-0465 Vulnerability Report
- http://secunia.com/advisories/44193
- http://secunia.com/advisories/44040
  (tag: Vendor Advisory)
- http://www.securityfocus.com/bid/47189
  X.Org xrdb Remote Arbitrary Shell Command Injection Vulnerability
- http://secunia.com/advisories/44010
- http://www.redhat.com/support/errata/RHSA-2011-0432.html
- http://www.vupen.com/english/advisories/2011/0889
- http://secunia.com/advisories/44012
- http://www.securitytracker.com/id?1025317
  X xrdb Input Validation Flaw in Processing Hostname Lets Remote Users Execute Arbitrary Commands - SecurityTracker
- http://www.vupen.com/english/advisories/2011/0975
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
- http://www.debian.org/security/2011/dsa-2213
  Debian -- Security Information -- DSA-2213-1 x11-xserver-utils
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
  [SECURITY] Fedora 14 Update: xorg-x11-server-utils-7.5-5.fc14