9.3

CVE-2011-0465

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Matthias HopfXrdb Version <= 1.0.8
Matthias HopfXrdb Version1.0.2
Matthias HopfXrdb Version1.0.3
Matthias HopfXrdb Version1.0.4
Matthias HopfXrdb Version1.0.5
Matthias HopfXrdb Version1.0.6
Matthias HopfXrdb Version1.0.7
XX11 Version <= r7.6
XX11 Versionr1
XX11 Versionr2
XX11 Versionr3
XX11 Versionr4
XX11 Versionr5
XX11 Versionr6
XX11 Versionr6.1
XX11 Versionr6.3
XX11 Versionr6.4
XX11 Versionr6.5.1
XX11 Versionr6.6
XX11 Versionr6.7
XX11 Versionr6.7.0
XX11 Versionr6.8.0
XX11 Versionr6.8.1
XX11 Versionr6.8.2
XX11 Versionr6.9.0
XX11 Versionr7.0
XX11 Versionr7.1
XX11 Versionr7.2
XX11 Versionr7.3
XX11 Versionr7.4
XX11 Versionr7.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.78% 0.921
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html
Patch
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
Patch
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html
http://secunia.com/advisories/44010
http://secunia.com/advisories/44012
http://secunia.com/advisories/44040
Vendor Advisory
http://secunia.com/advisories/44082
http://secunia.com/advisories/44122
http://secunia.com/advisories/44123
http://secunia.com/advisories/44193
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748
http://www.debian.org/security/2011/dsa-2213
http://www.mandriva.com/security/advisories?name=MDVSA-2011:076
http://www.redhat.com/support/errata/RHSA-2011-0432.html
http://www.redhat.com/support/errata/RHSA-2011-0433.html
http://www.securityfocus.com/bid/47189
http://www.securitytracker.com/id?1025317
http://www.ubuntu.com/usn/USN-1107-1
http://www.vupen.com/english/advisories/2011/0880
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0889
http://www.vupen.com/english/advisories/2011/0906
http://www.vupen.com/english/advisories/2011/0929
http://www.vupen.com/english/advisories/2011/0966
http://www.vupen.com/english/advisories/2011/0975
https://bugzilla.redhat.com/show_bug.cgi?id=680196
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/66585
https://lwn.net/Articles/437150/