SuSE Update For Xorg-x11 SUSE-SA:2011:016 Network Vulnerability

Impact

remote code execution

Solution

Please Install the Updated Packages.

Insight

The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen() without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 servers or to XDMCP clients. CVE-2011-0465 has been assigned to this issue.

Affected

xorg-x11 on openSUSE 11.2, openSUSE 11.3, SUSE SLES 9

References

http://www.novell.com/linux/security/advisories/2011_16_xorg.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-0465
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for clamav
SLES10: Security update for CUPS
SLES10: Security update for enscript
SLES10: Security update for Mozilla Firefox
SLES10: Security update for IBM Java 5

SuSE Update for xorg-x11 SUSE-SA:2011:016

Take action and discover your vulnerabilities