Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD2ECCB24F-61C0-11E0-B199-0015F2DB7BDE
HistoryApr 05, 2011 - 12:00 a.m.

xrdb -- root hole via rogue hostname

2011-04-0500:00:00
vuxml.freebsd.org
4

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

Matthias Hopf reports:

By crafting hostnames with shell escape characters, arbitrary
commands can be executed in a root environment when a display
manager reads in the resource database via xrdb.
These specially crafted hostnames can occur in two environments:
Systems are affected are: systems set their hostname via DHCP,
and the used DHCP client allows setting of hostnames with illegal
characters. And systems that allow remote logins via xdmcp.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchxrdb< 1.0.6_1UNKNOWN

Related

openvas 26
nessus 26
redhat 2
fedora 3
centos 2
oraclelinux 2
prion 1
securityvulns 2
slackware 1
suse 1
ubuntucve 1
ubuntu 1
debian 1
cve 2
debiancve 1
gentoo 1
openvas
openvas
FreeBSD Ports: xrdb
2011-05-12 00:00:00
Ubuntu Update for x11-xserver-utils vulnerability USN-1107-1
2011-04-11 00:00:00
CentOS Update for xorg-x11-server-utils CESA-2011:0433 centos5 i386
2011-08-09 00:00:00
nessus
nessus
SuSE 11.1 Security Update : X11 (SAT Patch Number 4199)
2011-04-07 00:00:00
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : xrdb (SSA:2011-096-01)
2011-04-12 00:00:00
CentOS 4 : xorg-x11 (CESA-2011:0432)
2011-04-20 00:00:00
redhat
redhat
(RHSA-2011:0433) Moderate: xorg-x11-server-utils security update
2011-04-11 00:00:00
(RHSA-2011:0432) Moderate: xorg-x11 security update
2011-04-11 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: xorg-x11-server-utils-7.5-5.fc14
2011-04-14 20:57:38
[SECURITY] Fedora 15 Update: xorg-x11-server-utils-7.5-5.fc15
2011-04-15 21:10:42
[SECURITY] Fedora 13 Update: xorg-x11-server-utils-7.4-17.fc13
2011-06-11 04:27:26
centos
centos
xorg security update
2011-04-19 13:15:11
xorg security update
2011-04-14 15:07:49
oraclelinux
oraclelinux
xorg-x11-server-utils security update
2011-04-12 00:00:00
xorg-x11 security update
2011-04-11 00:00:00
prion
prion
Design/Logic Flaw
2011-04-08 15:17:00
securityvulns
securityvulns
[USN-1107-1] x11-xserver-utils vulnerability
2011-04-11 00:00:00
XRDB shell characters vulnerability
2011-04-11 00:00:00
slackware
slackware
[slackware-security] xrdb
2011-04-11 21:56:44
suse
suse
remote code execution in xorg-x11
2011-04-13 13:39:33
ubuntucve
ubuntucve
CVE-2011-0465
2011-04-06 00:00:00
ubuntu
ubuntu
x11-xserver-utils vulnerability
2011-04-06 00:00:00
debian
debian
[SECURITY] [DSA 2213-1] x11-xserver-utils security update
2011-04-08 19:52:50
cve
cve
CVE-2011-0465
2011-04-08 15:17:00
CVE-2011-1014
2017-07-21 19:29:00
debiancve
debiancve
CVE-2011-0465
2011-04-08 15:17:00
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for 2ECCB24F-61C0-11E0-B199-0015F2DB7BDE
openvas26nessus26redhat2fedora3centos2oraclelinux2prion1securityvulns2slackware1suse1ubuntucve1ubuntu1debian1cve2debiancve1gentoo1