PT-2006-6116 · X.Org · Libx11
Matthieu Herrb · Published 2006-11-03 · Updated 2017-07-20
CVE-2006-5397
CVSS v2.0: 2.1 (Low)
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
libX11 versions 1.0.2 through 1.0.3
Description
The issue is related to a file descriptor leak in the Xinput module. This leak allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor. The leak occurs because the Xinput module opens a file for reading twice using the same file descriptor.
Recommendations
For libX11 versions 1.0.2 and 1.0.3, consider restricting access to the XCOMPOSEFILE environment variable to minimize the risk of exploitation. As a temporary workaround, avoid using the XCOMPOSEFILE environment variable until a patch is available.
Affected Products
Libx11