FreeBSD: FB03B1C6-8A8A-11D9-81F7-02023F003C9F
History: Feb 21, 2005 - 12:00 a.m.

uim -- privilege escalation vulnerability

2005-02-21 00:00:00
vuxml.freebsd.org
CVSS2: 4.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0
Percentile: 5.1%

The uim developers report:

Takumi ASAKI discovered that uim always trusts environment
variables. But this is not correct behavior, sometimes environment
variables shouldn’t be trusted. This bug causes privilege escalation
when libuim is linked against setuid/setgid application. Since GTK+
prohibits setuid/setgid applications, the bug appears only in
‘immodule for Qt’ enabled Qt. (Normal Qt is also safe.)
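
The class of fix this report calls for, as an added example (not uim's code and not its actual patch): a library lookup that ignores environment variables when the process runs with elevated effective IDs. The variable name EXAMPLE_PLUGIN_DIR, the default path and the helper names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Real and effective IDs of a process, passed explicitly so the
 * decision can be exercised without installing a setuid binary. */
struct proc_ids { uid_t ruid, euid; gid_t rgid, egid; };

/* A process is privilege-elevated when its effective IDs differ from
 * the real ones, i.e. it was started from a setuid/setgid executable. */
static int ids_elevated(const struct proc_ids *p)
{
    return p->ruid != p->euid || p->rgid != p->egid;
}

/* Like getenv(), but returns NULL for an elevated process, so the
 * caller falls back to its compiled-in default instead of a value
 * chosen by the invoking user. */
static const char *env_if_trusted(const struct proc_ids *p, const char *name)
{
    if (ids_elevated(p))
        return NULL;
    return getenv(name);
}

/* Resolve a directory setting: the environment may override the
 * default only when it is trusted and holds an absolute path. */
static const char *resolve_dir(const struct proc_ids *p, const char *name,
                               const char *builtin_default)
{
    const char *v = env_if_trusted(p, name);
    return (v != NULL && v[0] == '/') ? v : builtin_default;
}

int main(void)
{
    struct proc_ids self = { getuid(), geteuid(), getgid(), getegid() };
    /* EXAMPLE_PLUGIN_DIR is a hypothetical variable name. */
    printf("plugin dir: %s\n",
           resolve_dir(&self, "EXAMPLE_PLUGIN_DIR", "/usr/local/lib/example"));
    return 0;
}
```

Comparing real and effective IDs misses a process that has already changed its IDs after exec; on FreeBSD issetugid(2) covers that case, and glibc offers secure_getenv(3) for the same purpose.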

OS       Version  Architecture  Package  Version  Filename
FreeBSD  any      noarch        ja-uim   < 0.4.6  UNKNOWN
