Vulnerabilities > CVE-2006-5397 - Unspecified vulnerability in X.Org Libx11 1.0.2/1.0.3

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
x-org
nessus
NVD
Published: 2006-11-03
Updated: 2023-11-07

Summary

The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.

Vulnerable Configurations

Part Description Count
Application
X.Org
2

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2006-199.NASL
descriptionThe Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. Updated packages have been patched to correct this issue.
last seen2020-06-01
modified2020-06-02
plugin id24584
published2007-02-18
reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24584
titleMandrake Linux Security Advisory : libx11 (MDKSA-2006:199)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:199. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(24584);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-5397");
  script_xref(name:"MDKSA", value:"2006:199");

  script_name(english:"Mandrake Linux Security Advisory : libx11 (MDKSA-2006:199)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2
and 1.0.3 opens a file for reading twice using the same file
descriptor, which causes a file descriptor leak that allows local
users to read files specified by the XCOMPOSEFILE environment variable
via the duplicate file descriptor.

Updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64x11_6-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libx11_6-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64x11_6-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64x11_6-devel-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64x11_6-static-devel-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"libx11-common-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libx11_6-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libx11_6-devel-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libx11_6-static-devel-1.0.3-2.1mdv2007.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

Statements

contributorMark J Cox
lastmodified2007-03-14
organizationRed Hat
statementNot vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References