SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Attachmate Reflection Vendors:   AttachmateWRQ
(Attachmate Issues Fix for Reflection) X xrdb Input Validation Flaw in Processing Hostname Lets Remote Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1026926
SecurityTracker URL:  http://securitytracker.com/id/1026926
CVE Reference:   CVE-2011-0465   (Links to External Site)
Date:  Apr 17 2012
Impact:   Execution of arbitrary code via network, Root access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Reflection X prior to 14.1 SP2
Description:   A vulnerability was reported in X. A remote user can execute arbitrary commands on the target system. Attachmate Reflection X is affected.

A remote user can send specially crafted hostname values (containing shell escape characters) to the target system to execute arbitrary commands on the target system with root privileges when a display manager reads in the resource database via xrdb.

Systems that set their hostname via DHCP are affected (if the dhcp client permits hostnames with illegal characters).

Systems that allow remote logins via xdmcp are affected.

Sebastian Krahmer from the SUSE security team reported this vulnerability.

Impact:   A remote user can execute arbitrary commands with root privileges on the target system.
Solution:   Attachmate has issued a fix for Reflection (Reflection X 14.1 SP2).

The Attachmate advisory is available at:

http://support.attachmate.com/techdocs/1708.html

Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Apr 12 2011 X xrdb Input Validation Flaw in Processing Hostname Lets Remote Users Execute Arbitrary Commands



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC