This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A flaw was found in the X.Org X server resource database utility,
xrdb. Certain variables were not properly sanitized during the launch
of a user's graphical session, which could possibly allow a remote
attacker to execute arbitrary code with root privileges, if they were
able to make the display manager execute xrdb with a specially-crafted
X client hostname. An attacker could do this, for example, by
configuring the hostname on the target system via a crafted DHCP
reply, or by using the X Display Manager Control Protocol (XDMCP) to
connect to that system from a host that has a special DNS name.
(CVE-2011-0465)
All running X.Org server instances must be restarted for this update
to take effect.
Update the affected packages.
Risk factor :
High / CVSS Base Score : 9.3
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 61015
CVE ID: CVE-2011-0465