---

X.Org security advisory: root hole via rogue hostname

“By crafting hostnames with shell escape characters, arbitrary
commands can be executed in a root environment when a display
manager reads in the resource database via xrdb.

Complete Story