The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of libX11: descriptor leak

Synthesis of the vulnerability 

A file descriptor is unnecessarily opened in libX11, but permits an attacker to access a file.
Impacted products: Mandriva Linux, XOrg Bundle ~ not comprehensive, libX11.
Severity of this bulletin: 2/4.
Creation date: 02/11/2006.
Références of this threat: 8699, BID-20845, CVE-2006-5397, MDKSA-2006:199, VIGILANCE-VUL-6273.

Description of the vulnerability 

The modules/im/ximcp/imLcIm.c file of libX11 manages input methods (generally used for Asian characters).

The XCOMPOSEFILE environment variable indicates the name of a file defining how to compose characters, by pressing several keys.

The file indicated by this variable is incorrectly opened twice in the XimCreateDefaultTree() function of imLcIm.c. The first file descriptor is never closed.

A local attacker can thus set XCOMPOSEFILE, then run a suid/sgid program linked with libX11 (such as xterm), in order to open the file, then to access its descriptor. The attacker can thus read its content.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer threat note impacts software or systems such as Mandriva Linux, XOrg Bundle ~ not comprehensive, libX11.

Our Vigil@nce team determined that the severity of this weakness alert is medium.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this computer weakness note.

Solutions for this threat 

libX11: patch.
A patch is available.

Mandriva: new libx11 packages.
New packages are available:
 Mandriva Linux 2007.0:
 ed3642c63b1640928ebd8e997da0fd1e 2007.0/i586/libx11_6-1.0.3-2.1mdv2007.0.i586.rpm
 9bf6292e8d6c030b0304efc06912cb5c 2007.0/i586/libx11_6-devel-1.0.3-2.1mdv2007.0.i586.rpm
 095b10889206e2c6b012eca03547e6c0 2007.0/i586/libx11_6-static-devel-1.0.3-2.1mdv2007.0.i586.rpm
 fa6548ef7176c5a6e460ef9fffe077cd 2007.0/i586/libx11-common-1.0.3-2.1mdv2007.0.i586.rpm
 968b2c951219986d64411b8c893463af 2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm
 Mandriva Linux 2007.0/X86_64:
 d32213d0ffd578d1bcc559557ce9a56d 2007.0/x86_64/lib64x11_6-1.0.3-2.1mdv2007.0.x86_64.rpm
 a93c8ea58f95f84d339f84a71476cf52 2007.0/x86_64/lib64x11_6-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
 0209595d4383b158efd2156f92f3fa89 2007.0/x86_64/lib64x11_6-static-devel-1.0.3-2.1mdv2007.0.x86_64.rpm
 498a8fb81c8f94b708467b112deae6be 2007.0/x86_64/libx11-common-1.0.3-2.1mdv2007.0.x86_64.rpm
 968b2c951219986d64411b8c893463af 2007.0/SRPMS/libx11-1.0.3-2.1mdv2007.0.src.rpm
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides computer vulnerability alerts. The Vigil@nce vulnerability database contains several thousand vulnerabilities.