Vulnerability Details : CVE-2006-5397
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Products affected by CVE-2006-5397
- cpe:2.3:a:x.org:libx11:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:x.org:libx11:1.0.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5397
- 0.04%: probability of exploitation activity in the next 30 days
- ~6%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5397
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST | |
Vendor statements for CVE-2006-5397
- Red Hat, 2007-03-14: Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-5397
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:199 (Mandriva)
- http://www.vupen.com/english/advisories/2006/4289 (Site under construction)
- http://www.securityfocus.com/bid/20845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29956 (LibX11 Xinput module information disclosure CVE-2006-5397 Vulnerability Report)
- http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19
- https://bugs.freedesktop.org/show_bug.cgi?id=8699 (8699 – input method module leaks fd) [Patch]