File Descriptor Leak in X.Org libX11 Affects Local Users
CVE-2006-5397

Currently unrated

Key Information:

Vendor: X.org
Status: Libx11
Vendor: CVE Published:; 3 November 2006

What is CVE-2006-5397?

The Xinput module in X.Org's libX11 versions 1.0.2 and 1.0.3 has a vulnerability that opens a file for reading multiple times using the same file descriptor. This flaw can lead to a file descriptor leak, enabling local users to access files specified by the XCOMPOSEFILE environment variable through the duplicate file descriptor, compromising the confidentiality of sensitive information.

References

http://secunia.com/advisories/22749

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/20845

vdb-entryx_refsource_BID

https://bugs.freedesktop.org/show_bug.cgi?id=8699

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 3, 2006
Vulnerability Reserved
Oct 18, 2006

X.org

What is CVE-2006-5397?

References

Timeline