PT-2011-5211 · X.Org+2 · Xorg-X11+2

Matthieu Herrb +1 · Published 1970-01-01 · Updated 2017-08-17 · CVE-2011-0465

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

XFree86 versions prior to 1.0.9
xorg-x11 versions prior to 7.4

Description

The vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP or XDMCP message. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerability can be carried out remotely.

Recommendations

For XFree86 versions prior to 1.0.9, update to version 1.0.9 or later. For xorg-x11 versions prior to 7.4, update to version 7.4 or later. As a temporary workaround, consider disabling the xrdb.c function in XFree86 until a patch is available. Restrict access to the vulnerable xorg-x11 module to minimize the risk of exploitation. Avoid using the hostname parameter in the affected API endpoint until the issue is resolved.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2011-0465
DSA-2213-1
OPENSUSE-SU-2024:10431-1
RHSA-2011:0432
RHSA-2011:0433
RHSA-2011_0432
RHSA-2011_0433

Affected Products

Red Hat
Xfree86
Xorg-X11