uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Uim | Uim | 0.4.5 (including) | 0.4.5 (including) |
| Mlterm | Ubuntu | dapper | * |
| Mlterm | Ubuntu | devel | * |
| Mlterm | Ubuntu | edgy | * |
| Mlterm | Ubuntu | feisty | * |
| Uim | Ubuntu | dapper | * |
| Uim | Ubuntu | devel | * |
| Uim | Ubuntu | edgy | * |
| Uim | Ubuntu | feisty | * |
References
- http://lists.freedesktop.org/archives/uim/2005-February/000996.html
- http://secunia.com/advisories/13981
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:046
- http://www.securityfocus.com/bid/12604
- http://lists.freedesktop.org/archives/uim/2005-February/000996.html
- http://secunia.com/advisories/13981
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:046
- http://www.securityfocus.com/bid/12604