 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.880499 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for xorg-x11-server-utils CESA-2011:0433 centos5 i386 |
| Summary: | The remote host is missing an update for the 'xorg-x11-server-utils'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'xorg-x11-server-utils' package(s) announced via the referenced advisory. Vulnerability Insight: The xorg-x11-server-utils package contains a collection of utilities used to modify and query the runtime configuration of the X.Org server. X.Org is an open source implementation of the X Window System. A flaw was found in the X.Org X server resource database utility, xrdb. Certain variables were not properly sanitized during the launch of a user's graphical session, which could possibly allow a remote attacker to execute arbitrary code with root privileges, if they were able to make the display manager execute xrdb with a specially-crafted X client hostname. For example, by configuring the hostname on the target system via a crafted DHCP reply, or by using the X Display Manager Control Protocol (XDMCP) to connect to that system from a host that has a special DNS name. (CVE-2011-0465) Red Hat would like to thank Matthieu Herrb for reporting this issue. Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the original reporter. Users of xorg-x11-server-utils should upgrade to this updated package, which contains a backported patch to resolve this issue. All running X.Org server instances must be restarted for this update to take effect. Affected Software/OS: xorg-x11-server-utils on CentOS 5 Solution: Please install the updated packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2011-0465 BugTraq ID: 47189 http://www.securityfocus.com/bid/47189 Debian Security Information: DSA-2213 (Google Search) http://www.debian.org/security/2011/dsa-2213 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057928.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:076 http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html http://lists.freedesktop.org/archives/xorg-announce/2011-April/001635.html http://www.redhat.com/support/errata/RHSA-2011-0432.html http://www.redhat.com/support/errata/RHSA-2011-0433.html http://www.securitytracker.com/id?1025317 http://secunia.com/advisories/44010 http://secunia.com/advisories/44012 http://secunia.com/advisories/44040 http://secunia.com/advisories/44082 http://secunia.com/advisories/44122 http://secunia.com/advisories/44123 http://secunia.com/advisories/44193 http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.465748 SuSE Security Announcement: SUSE-SA:2011:016 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00002.html SuSE Security Announcement: openSUSE-SU-2011:0298 (Google Search) https://lwn.net/Articles/437150/ http://www.ubuntu.com/usn/USN-1107-1 http://www.vupen.com/english/advisories/2011/0880 http://www.vupen.com/english/advisories/2011/0889 http://www.vupen.com/english/advisories/2011/0906 http://www.vupen.com/english/advisories/2011/0929 http://www.vupen.com/english/advisories/2011/0966 http://www.vupen.com/english/advisories/2011/0975 XForce ISS Database: xorg11-xrdb-command-execution(66585) https://exchange.xforce.ibmcloud.com/vulnerabilities/66585 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |