Ubuntu
libx11 package

[edgy] fd leak in Xinput module

Bug #66776 reported by Kees Cook on 2006-10-18

254

Affects		Status	Importance	Assigned to	Milestone
	X.Org X server	Fix Released	Medium	freedesktop-bugs #8699
	libx11 (Ubuntu)	Fix Released	High	Kees Cook	Ubuntu ubuntu-6.10

Bug Description

To be fixed post-RC in edgy, libX11 leaks an env-controlled fd, potentially with elevated privs.

See line 620:
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=blob;hb=abda4d223e9cce9ac6e7b5d82a5680d9a502e52a;f=modules/im/ximcp/imLcIm.c

See original description

CVE References

2006-5397

Revision history for this message

In freedesktop.org Bugzilla #8699, Kees Cook (kees) wrote on 2006-10-18:

Created an attachment (id=7459)
kill double open

Revision history for this message

Kees Cook (kees) wrote on 2006-10-18:

To be fixed post-RC in edgy, libX11 leaks an env-controlled fd, potentially with elevated privs.

See line 620:
http://gitweb.freedesktop.org/?p=xorg/lib/libX11.git;a=blob;hb=abda4d223e9cce9ac6e7b5d82a5680d9a502e52a;f=modules/im/ximcp/imLcIm.c

Revision history for this message

Kees Cook (kees) wrote on 2006-10-18:

debdiff to fix leak Edit (1.3 KiB, text/plain)

Revision history for this message

Kees Cook (kees) wrote on 2006-10-18:

https://bugs.freedesktop.org/show_bug.cgi?id=8699

Kees Cook (kees) on 2006-10-18

Changed in libx11:
importance:	Undecided → High
status:	Unconfirmed → Fix Committed

Revision history for this message

In freedesktop.org Bugzilla #8699, Mhopf-suse (mhopf-suse) wrote on 2006-10-19:

Fixed with git commit 686bb8b35acf6cecae80fe89b2b5853f5816ce19.

Should this be fixed in 7.1 as well, or in the stable branch of libX11? Or just
a new release of libX11?

So far xterm seems to be the only problematic app (setgid), but with its normal
gid no security relevant files can be accessed.

Revision history for this message

Martin Pitt (pitti) wrote on 2006-10-19:

CVE-2006-5397 (hm, Malone's ability to attach a CVE number was recently broken, as it seems).

Bug Watch Updater (bug-watch-updater) on 2006-10-19

Changed in xorg-server:
status:	Unknown → Confirmed

Kees Cook (kees) on 2006-10-19

Changed in libx11:
assignee:	nobody → keescook

Kees Cook (kees) on 2006-10-19

Changed in libx11:
status:	Fix Committed → Fix Released

Revision history for this message

In freedesktop.org Bugzilla #8699, Matthieu Herrb (matthieu-herrb) wrote on 2006-10-30:

I have the impression that the vulnerable code was added after 7.1, in a commit
from June 13.
Only libX11 1.0.2 and 1.0.3 are vulnerable. So I guess the upcoming 1.1 release
is enough.

Revision history for this message

In freedesktop.org Bugzilla #8699, Matthieu Herrb (matthieu-herrb) wrote on 2006-10-30:

BTW, this has been assigned CVE-2006-5397 by mitre.

Revision history for this message

In freedesktop.org Bugzilla #8699, Daniel Stone (daniels) wrote on 2006-12-06:

marking as fixed, as we're shipping 1.1 with 7.2

Bug Watch Updater (bug-watch-updater) on 2006-12-07

Changed in xorg-server:
status:	Confirmed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2010-09-14

Changed in xorg-server:
importance:	Unknown → Medium

Bug Watch Updater (bug-watch-updater) on 2011-01-25

Changed in xorg-server:
importance:	Medium → Unknown

Bug Watch Updater (bug-watch-updater) on 2011-02-04

Changed in xorg-server:
importance:	Unknown → Medium

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

debdiff to fix leak Edit

Add patch

Remote bug watches

freedesktop-bugs #8699
[RESOLVED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibx11 package

[edgy] fd leak in Xinput module

Bug Description

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
libx11 package