QwikSec

Security Database

CVE

CWE

Training

CVE-2006-5397

Published: Nov 3, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

https://bugs.freedesktop.org/show_bug.cgi?id=8699

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

libx11-xinput-information-disclosure(29956)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.