CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
CVSS2 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.022 Low
Percentile: 89.3%
Matthias Hopf reports:
By crafting hostnames with shell escape characters, arbitrary
commands can be executed in a root environment when a display
manager reads in the resource database via xrdb.
These specially crafted hostnames can occur in two environments:
Affected systems are: systems that set their hostname via DHCP,
and the DHCP client used allows setting of hostnames with illegal
characters; and systems that allow remote logins via xdmcp.