Vulnerability Details CVE-2006-5397
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v2 Score 2.1
References
- http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
- http://secunia.com/advisories/22642
- http://secunia.com/advisories/22749
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
- http://www.securityfocus.com/bid/20845
- http://www.vupen.com/english/advisories/2006/4289
- https://bugs.freedesktop.org/show_bug.cgi?id=8699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
- http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
- http://secunia.com/advisories/22642
- http://secunia.com/advisories/22749
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
- http://www.securityfocus.com/bid/20845
- http://www.vupen.com/english/advisories/2006/4289
- https://bugs.freedesktop.org/show_bug.cgi?id=8699
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29956