CVE-2011-0465

Publication date 6 April 2011

Last updated 24 July 2024

Ubuntu priority

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
x11-xserver-utils	10.10 maverick	Fixed 7.5+2ubuntu1.1
	10.04 LTS lucid	Fixed 7.5+1ubuntu2.1
	9.10 karmic	Fixed 7.4+2ubuntu3.1
	8.04 LTS hardy	Fixed 7.3+2ubuntu0.1
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
x11-xserver-utils	Upstream: ?id=102

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1107-1
x11-xserver-utils vulnerability
6 April 2011

Other references

http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html
https://www.cve.org/CVERecord?id=CVE-2011-0465