CVE-2011-0465
xorg: xrdb code execution via crafted X client hostname
Severity Score
9.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
xrdb.c en xrdb anterior a v1.0.9 en X.Org X11R7.6 y anteriores permite a atacantes remotos ejecutar comandos arbitrarios mediante metacaracteres en un hostname obtenido de un mensaje (1) DHCP o (2) XDMCP.
This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-01-14 CVE Reserved
- 2011-04-08 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (30)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/44010 | Third Party Advisory | |
| http://secunia.com/advisories/44012 | Third Party Advisory | |
| http://secunia.com/advisories/44082 | Third Party Advisory | |
| http://secunia.com/advisories/44122 | Third Party Advisory | |
| http://secunia.com/advisories/44123 | Third Party Advisory | |
| http://secunia.com/advisories/44193 | Third Party Advisory | |
| http://www.securityfocus.com/bid/47189 | Vdb Entry | |
| http://www.securitytracker.com/id?1025317 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0889 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0906 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0929 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0966 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0975 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/66585 | Vdb Entry |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | <= 1.0.8 Search vendor "Matthias Hopf" for product "Xrdb" and version " <= 1.0.8" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.2 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.2" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.3 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.3" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.4 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.4" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.5 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.5" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.6 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.6" | - |
Affected
| ||||||
| Matthias Hopf Search vendor "Matthias Hopf" | Xrdb Search vendor "Matthias Hopf" for product "Xrdb" | 1.0.7 Search vendor "Matthias Hopf" for product "Xrdb" and version "1.0.7" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | <= r7.6 Search vendor "X" for product "X11" and version " <= r7.6" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r1 Search vendor "X" for product "X11" and version "r1" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r2 Search vendor "X" for product "X11" and version "r2" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r3 Search vendor "X" for product "X11" and version "r3" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r4 Search vendor "X" for product "X11" and version "r4" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r5 Search vendor "X" for product "X11" and version "r5" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6 Search vendor "X" for product "X11" and version "r6" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.1 Search vendor "X" for product "X11" and version "r6.1" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.3 Search vendor "X" for product "X11" and version "r6.3" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.4 Search vendor "X" for product "X11" and version "r6.4" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.5.1 Search vendor "X" for product "X11" and version "r6.5.1" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.6 Search vendor "X" for product "X11" and version "r6.6" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.7 Search vendor "X" for product "X11" and version "r6.7" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.7.0 Search vendor "X" for product "X11" and version "r6.7.0" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.8.0 Search vendor "X" for product "X11" and version "r6.8.0" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.8.1 Search vendor "X" for product "X11" and version "r6.8.1" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.8.2 Search vendor "X" for product "X11" and version "r6.8.2" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r6.9.0 Search vendor "X" for product "X11" and version "r6.9.0" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.0 Search vendor "X" for product "X11" and version "r7.0" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.1 Search vendor "X" for product "X11" and version "r7.1" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.2 Search vendor "X" for product "X11" and version "r7.2" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.3 Search vendor "X" for product "X11" and version "r7.3" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.4 Search vendor "X" for product "X11" and version "r7.4" | - |
Affected
| ||||||
| X Search vendor "X" | X11 Search vendor "X" for product "X11" | r7.5 Search vendor "X" for product "X11" and version "r7.5" | - |
Affected
| ||||||