Lucene search

[email protected]CVE-2006-5397

HistoryNov 03, 2006 - 12:07 a.m.

CVE-2006-5397

2006-11-0300:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-5397

x.org libx11

xinput module

file descriptor leak

nvd

security vulnerability

6.3 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

CPENameOperatorVersion
x.org:libx11x.org libx11eq1.0.2
x.org:libx11x.org libx11eq1.0.3

CPE	Name	Operator	Version
x.org:libx11	x.org libx11	eq	1.0.2
x.org:libx11	x.org libx11	eq	1.0.3

References

gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19

secunia.com/advisories/22642

secunia.com/advisories/22749

www.mandriva.com/security/advisories?name=MDKSA-2006:199

www.securityfocus.com/bid/20845

www.vupen.com/english/advisories/2006/4289

bugs.freedesktop.org/show_bug.cgi?id=8699

exchange.xforce.ibmcloud.com/vulnerabilities/29956

6.3 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2006-5397

cvelist1 debiancve1 ubuntucve1 nessus1