CVE-2011-0465 – xorg: xrdb code execution via crafted X client hostname

https://notcve.org/view.php?id=CVE-2011-0465

06 Apr 2011 — xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message. xrdb.c en xrdb anterior a v1.0.9 en X.Org X11R7.6 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres en un hostname obtenido de un mensaje (1) DHCP o (2) XDMCP. Sebastian Krahmer discovered that the xrdb utility of x11-xserver-utils, a X server resource database utility,... • http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 • CWE-20: Improper Input Validation •