FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2eccb24f-61c0-11e0-b199-0015f2db7bdexrdb -- root hole via rogue hostname

Matthias Hopf reports:

By crafting hostnames with shell escape characters, arbitrary commands can be executed in a root environment when a display manager reads in the resource database via xrdb.

These specially crafted hostnames can occur in two environments:

Systems are affected are: systems set their hostname via DHCP, and the used DHCP client allows setting of hostnames with illegal characters. And systems that allow remote logins via xdmcp.


Discovery 2011-04-05
Entry 2011-04-14
xrdb
lt 1.0.6_1

CVE-2011-0465
http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html