Vulnerabilities > CVE-2005-0503
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
OS | | 2 |
Nessus
NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2005-046.NASL
description: Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17215
published: 2005-02-25
reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/17215
title: Mandrake Linux Security Advisory : uim (MDKSA-2005:046)

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200502-31.NASL
description: The remote host is affected by the vulnerability described in GLSA-200502-31 (uim: Privilege escalation vulnerability) Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This vulnerability only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE=
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 17234
published: 2005-03-01
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/17234
title: GLSA-200502-31 : uim: Privilege escalation vulnerability

NASL family: FreeBSD Local Security Checks
NASL id: FREEBSD_PKG_FB03B1C68A8A11D981F702023F003C9F.NASL
description: The uim developers report: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19183
published: 2005-07-13
reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/19183
title: FreeBSD : uim -- privilege escalation vulnerability (fb03b1c6-8a8a-11d9-81f7-02023f003c9f)