Ubuntu
xrdb package

X.Org security advisory: root hole via rogue hostname

Bug #752310 reported by Dmitry on 2011-04-06

This bug report is a duplicate of: Bug #752315: [SECURITY update] Sync x11-xserver-utils 7.6+2 (main) from Debian unstable (main). Edit Remove

258

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	xrdb (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: xrdb

Overview
--------

By crafting hostnames with shell escape characters, arbitrary commands
can be executed in a root environment when a display manager reads in
the resource database via xrdb.

These specially crafted hostnames can occur in two environments:

* Hosts that set their hostname via DHCP
* Hosts that allow remote logins via xdmcp

For more details see: http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html

CVE References

2011-0465

Marc Deslauriers (mdeslaur) on 2011-04-06

visibility:

private → public

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #752315 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuxrdb package