USN-1107-1: x11-xserver-utils vulnerability

6 April 2011

x11-xserver-utils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

An attacker could send crafted input to xrdb and cause it to run programs as root.

Software Description

  • x11-xserver-utils - X server utilities

Details

Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.10
x11-xserver-utils - 7.5+2ubuntu1.1
Ubuntu 10.04 LTS
x11-xserver-utils - 7.5+1ubuntu2.1
Ubuntu 9.10
x11-xserver-utils - 7.4+2ubuntu3.1
Ubuntu 8.04 LTS
x11-xserver-utils - 7.3+2ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make all the necessary changes.

References