X.Org security advisory, April 5th, 2011 root hole via rogue hostname CVE ID: CVE-2011-0465
Overview -------- By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb. These specially crafted hostnames can occur in two environments: * Hosts that set their hostname via DHCP * Hosts that allow remote logins via xdmcp Impact ------ Arbitrary (short) commands can be executed as root on affected hosts. With some display managers a working login is required (resource database is read upon login), with others no working login is required (resource database is read upon display manager start as well). Only systems are affected that 1) set their hostname via DHCP, and the used DHCP client allows setting of hostnames with illegal characters or 2) allow remote logins via xdmcp 1) requires either physical access to the network, or administrative access to the running DHCP server. 2) does not require physical access, if a regular account on a machine accepted by xdmcp is available, but describes a case that is considered insecure nowadays. Affected versions ----------------- xrdb up to including 1.0.8 X11R7.6 (latest release) includes xrdb 1.0.7 Fix --- This issue has been fixed with git commit 1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56 A fix of this vulnerability is included in xrdb 1.0.9. This issue was found by Sebastian Krahmer from the SUSE security team. Thanks Matthias Hopf <mh...@suse.de>
pgpoBBPwhQArl.pgp
Description: PGP signature
_______________________________________________ xorg-announce mailing list xorg-announce@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/xorg-announce