FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

uim -- privilege escalation vulnerability

Affected packages
ja-uim < 0.4.6


VuXML ID fb03b1c6-8a8a-11d9-81f7-02023f003c9f
Discovery 2005-02-21
Entry 2005-03-01

The uim developers reports:

Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)


Bugtraq ID 12604
CVE Name CVE-2005-0503