CVE-2011-0465

EPSS 18.0%

x11-xserver-utils - missing input sanitizing

Published: 4/8/2011Modified: 4/28/2026

Also known as:DEBIAN-CVE-2011-0465

Description

xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.

Affected packages (2)

Debian/x11-xserver-utilsfrom 0, < 7.6+2
Debian/x11-xserver-utilsfrom 0, < 7.5+3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-0465