Secunia Logo  


Secunia PSI WorldMap
 
CVE Reference: CVE-2006-5397
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-5397

Description:
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/29956

SAID
  Secunia Advisory: SA22642
  Secunia Advisory: SA22749

MANDRIVA
  http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:199

CONFIRM
  http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=commit;h=686bb8b35acf6cecae80fe89b2b5853f5816ce19

BID
  20845


Return to the previous page.