Launchpad CVE tracker

CVE 2011-0465

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Related bugs and status

CVE-2011-0465 (Candidate) is related to these bugs:

Bug #752310: X.Org security advisory: root hole via rogue hostname

Summary				In	Importance	Status
	752310	X.Org security advisory: root hole via rogue hostname		xrdb (Ubuntu)	Undecided	New

Bug #752315: [SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)

		In	Importance	Status
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu)	Wishlist	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu Hardy)	Undecided	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu Lucid)	Undecided	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu Maverick)	Undecided	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu Natty)	Wishlist	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Ubuntu Karmic)	Undecided	Fix Released
752315	[SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main)	x11-xserver-utils (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-0465

References