X.Org security advisory: root hole via rogue hostname
Bug #752310 reported by
Dmitry
This bug report is a duplicate of:
Bug #752315: [SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main).
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xrdb (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: xrdb
Overview
--------
By crafting hostnames with shell escape characters, arbitrary commands
can be executed in a root environment when a display manager reads in
the resource database via xrdb.
These specially crafted hostnames can occur in two environments:
* Hosts that set their hostname via DHCP
* Hosts that allow remote logins via xdmcp
For more details see: http://
CVE References
visibility: | private → public |
To post a comment you must log in.