CVE-2011-0465 — Improper Input Validation in Hopf Xrdb

CWE-20 — Improper Input Validation11 documents8 sources

Severity

9.3CRITICALNVD

EPSS

18.0%

top 4.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Matthias Hopf Xrdb X X11

Timeline

PublishedApr 8

Latest updateMay 17

Description

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmatthias_hopf/xrdb1.0.8+6

▶NVDx/x11r7.6+23

Patches

Patch: cgit.freedesktop.org ↗Patch: lists.freedesktop.org ↗Patch: lists.freedesktop.org ↗

🔴Vulnerability Details

GHSA

GHSA-wphx-j4h9-hfr8: xrdb↗2022-05-17

▶

CVEList

CVE-2011-0465: xrdb↗2011-04-08

▶

OSV

CVE-2011-0465: xrdb↗2011-04-08

▶

📋Vendor Advisories

Ubuntu

x11-xserver-utils vulnerability↗2011-04-06

▶

Red Hat

xorg: xrdb code execution via crafted X client hostname↗2011-04-05

▶

Debian

CVE-2011-0465: x11-xserver-utils - xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers...↗2011

▶

💬Community

Bugzilla

xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-6]↗2011-04-13

▶

Bugzilla

xorg-x11-server-utils: xrdb regression introduced by the CVE-2011-0465 fix [rhel-5]↗2011-04-13

▶

Bugzilla

xorg-x11: xrdb regression introduced by the CVE-2011-0465 fix [rhel-4]↗2011-04-13

▶

Bugzilla

CVE-2011-0465 xorg: xrdb code execution via crafted X client hostname↗2011-02-24

▶