Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2006-5397

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Nov, 2006 | 00:00
Updated At-07 Aug, 2024 | 19:48
Rejected At-
Credits

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Nov, 2006 | 00:00
Updated At:07 Aug, 2024 | 19:48
Rejected At:
▼CVE Numbering Authority (CNA)

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/22749
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/20845
vdb-entry
x_refsource_BID
https://bugs.freedesktop.org/show_bug.cgi?id=8699
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4289
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/22642
third-party-advisory
x_refsource_SECUNIA
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
vendor-advisory
x_refsource_MANDRIVA
https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/22749
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/20845
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=8699
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2006/4289
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/22642
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
Resource:
vdb-entry
x_refsource_XF
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://secunia.com/advisories/22749
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/20845
vdb-entry
x_refsource_BID
x_transferred
https://bugs.freedesktop.org/show_bug.cgi?id=8699
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2006/4289
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/22642
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/22749
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/20845
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=8699
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/4289
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/22642
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
Resource:
vdb-entry
x_refsource_XF
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Nov, 2006 | 00:07
Updated At:07 Nov, 2023 | 01:59

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
X.Org Foundation
x.org
>>libx11>>1.0.2
cpe:2.3:a:x.org:libx11:1.0.2:*:*:*:*:*:*:*
X.Org Foundation
x.org
>>libx11>>1.0.3
cpe:2.3:a:x.org:libx11:1.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2007-03-14T00:00:00

Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References
HyperlinkSourceResource
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19cve@mitre.org
N/A
http://secunia.com/advisories/22642cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/22749cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:199cve@mitre.org
N/A
http://www.securityfocus.com/bid/20845cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/4289cve@mitre.org
N/A
https://bugs.freedesktop.org/show_bug.cgi?id=8699cve@mitre.org
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/29956cve@mitre.org
N/A
Hyperlink: http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git%3Ba=commit%3Bh=686bb8b35acf6cecae80fe89b2b5853f5816ce19
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/22642
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/22749
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:199
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/20845
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/4289
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://bugs.freedesktop.org/show_bug.cgi?id=8699
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/29956
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2Records found
CVE-2017-2625
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.40%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 18:00
Updated-05 Aug, 2024 | 14:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Action-Not Available
Vendor-X.Org FoundationRed Hat, Inc.
Product-enterprise_linux_serverenterprise_linux_server_eusenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxenterprise_linux_desktoplibxdmcplibXdmcp
CWE ID-CWE-331
Insufficient Entropy
CWE ID-CWE-320
Not Available
CVE-2020-14347
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 18.25%
||
7 Day CHG+0.01%
Published-05 Aug, 2020 | 13:08
Updated-29 Aug, 2025 | 13:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg server runs with elevated privileges, this could result in possible ASLR bypass. Xorg-server before version 1.20.9 is vulnerable.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxX.Org Foundation
Product-debian_linuxubuntu_linuxx_serverxorg-x11-server
CWE ID-CWE-665
Improper Initialization
Details not found