9.3
CVE-2011-0465
- EPSS 5.78%
- Veröffentlicht 08.04.2011 15:17:25
- Zuletzt bearbeitet 16.06.2026 23:27:26
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Matthias Hopf ≫ Xrdb Version <= 1.0.8
Matthias Hopf ≫ Xrdb Version1.0.2
Matthias Hopf ≫ Xrdb Version1.0.3
Matthias Hopf ≫ Xrdb Version1.0.4
Matthias Hopf ≫ Xrdb Version1.0.5
Matthias Hopf ≫ Xrdb Version1.0.6
Matthias Hopf ≫ Xrdb Version1.0.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.78% | 0.921 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
http://secunia.com/advisories/44010
http://secunia.com/advisories/44012
http://secunia.com/advisories/44040
http://secunia.com/advisories/44082
http://secunia.com/advisories/44122
http://secunia.com/advisories/44123
http://secunia.com/advisories/44193
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
http://www.debian.org/security/2011/dsa-2213
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
http://www.redhat.com/support/errata/RHSA-2011-0432.html
http://www.redhat.com/support/errata/RHSA-2011-0433.html
http://www.securityfocus.com/bid/47189
http://www.securitytracker.com/id?1025317
http://www.ubuntu.com/usn/USN-1107-1
http://www.vupen.com/english/advisories/2011/0880
http://www.vupen.com/english/advisories/2011/0889
http://www.vupen.com/english/advisories/2011/0906
http://www.vupen.com/english/advisories/2011/0929
http://www.vupen.com/english/advisories/2011/0966
http://www.vupen.com/english/advisories/2011/0975
https://bugzilla.redhat.com/show_bug.cgi?id=680196
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
https://lwn.net/Articles/437150/