CVE-2005-0503

uim <0.4.5.1 - Privilege Escalation

Title source: llm

Description

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

References (4)

[Vendor Advisory] http://lists.freedesktop.org/archives/uim/2005-February/000996.html

[Patch, Vendor Advisory] http://secunia.com/advisories/13981

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2005:046

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/12604

Scores

EPSS 0.0007

EPSS Percentile 20.8%

Classification

Status draft

Affected Products (3)

uim/uim

mandrakesoft/mandrake_linux

Timeline

Published Feb 21, 2005

Tracked Since Feb 18, 2026