The xrdb helper program of the xorg-x11 package passes untrusted input such as hostnames retrieved via DHCP or client hostnames of XDMCP sessions to popen without sanitization. Therefore, remote attackers could execute arbitrary commands as root by assigning specially crafted hostnames to X11 servers or to XDMCP clients. CVE-2011-0465 has been assigned to this issue.