remote code execution in xorg-x11

2011-04-1313:39:33

lists.opensuse.org

0.022 Low

EPSS

Percentile

88.1%

JSON

The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen() without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 servers or to XDMCP clients. CVE-2011-0465 has been assigned to this issue.

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Desktop10.4i586xorg-x11-man< 6.9.0-50.74.1xorg-x11-man-6.9.0-50.74.1.i586.rpm
Novell Open Enterprise Server (OES)anyi586xfree86-xnest< 4.3.99.902-43.105XFree86-Xnest-4.3.99.902-43.105.i586.rpm
openSUSE11.3x86_64xorg-x11-xauth< 7.5-12.3.1xorg-x11-xauth-7.5-12.3.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit10.4s390xxorg-x11-doc< 6.9.0-50.74.1xorg-x11-doc-6.9.0-50.74.1.s390x.rpm
Novell Linux Point of Service9i586xfree86-server-glx< 4.3.99.902-43.105XFree86-server-glx-4.3.99.902-43.105.i586.rpm
SUSE Linux Enterprise Desktop10.4i586xorg-x11-xnest< 6.9.0-50.74.1xorg-x11-Xnest-6.9.0-50.74.1.i586.rpm
SUSE Linux Enterprise Server10.3x86_64xorg-x11-xvnc< 6.9.0-50.68.70.3xorg-x11-Xvnc-6.9.0-50.68.70.3.x86_64.rpm
openSUSE11.4i586xorg-x11-xauth< 7.6-43.44.1xorg-x11-xauth-7.6-43.44.1.i586.rpm
SUSE Linux Enterprise Server10.4i586xorg-x11-fonts-75dpi< 6.9.0-50.74.1xorg-x11-fonts-75dpi-6.9.0-50.74.1.i586.rpm
SUSE Linux Enterprise Server10.4i586xorg-x11-xnest< 6.9.0-50.74.1xorg-x11-Xnest-6.9.0-50.74.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
SUSE Linux Enterprise Desktop	10.4	i586	xorg-x11-man	< 6.9.0-50.74.1	xorg-x11-man-6.9.0-50.74.1.i586.rpm
Novell Open Enterprise Server (OES)	any	i586	xfree86-xnest	< 4.3.99.902-43.105	XFree86-Xnest-4.3.99.902-43.105.i586.rpm
openSUSE	11.3	x86_64	xorg-x11-xauth	< 7.5-12.3.1	xorg-x11-xauth-7.5-12.3.1.x86_64.rpm
SUSE Linux Enterprise Software Development Kit	10.4	s390x	xorg-x11-doc	< 6.9.0-50.74.1	xorg-x11-doc-6.9.0-50.74.1.s390x.rpm
Novell Linux Point of Service	9	i586	xfree86-server-glx	< 4.3.99.902-43.105	XFree86-server-glx-4.3.99.902-43.105.i586.rpm
SUSE Linux Enterprise Desktop	10.4	i586	xorg-x11-xnest	< 6.9.0-50.74.1	xorg-x11-Xnest-6.9.0-50.74.1.i586.rpm
SUSE Linux Enterprise Server	10.3	x86_64	xorg-x11-xvnc	< 6.9.0-50.68.70.3	xorg-x11-Xvnc-6.9.0-50.68.70.3.x86_64.rpm
openSUSE	11.4	i586	xorg-x11-xauth	< 7.6-43.44.1	xorg-x11-xauth-7.6-43.44.1.i586.rpm
SUSE Linux Enterprise Server	10.4	i586	xorg-x11-fonts-75dpi	< 6.9.0-50.74.1	xorg-x11-fonts-75dpi-6.9.0-50.74.1.i586.rpm
SUSE Linux Enterprise Server	10.4	i586	xorg-x11-xnest	< 6.9.0-50.74.1	xorg-x11-Xnest-6.9.0-50.74.1.i586.rpm