Vulnerabilities > CVE-2005-3149 - Unspecified vulnerability in UIM
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200510-03.NASL description The remote host is affected by the vulnerability described in GLSA-200510-03 (Uim: Privilege escalation vulnerability) Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. This bug only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE= last seen 2020-06-01 modified 2020-06-02 plugin id 19849 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19849 title GLSA-200510-03 : Uim: Privilege escalation vulnerability code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200510-03. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(19849); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-3149"); script_xref(name:"GLSA", value:"200510-03"); script_name(english:"GLSA-200510-03 : Uim: Privilege escalation vulnerability"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200510-03 (Uim: Privilege escalation vulnerability) Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. This bug only affects immodule-enabled Qt (if you build Qt 3.3.2 or later versions with USE='immqt' or USE='immqt-bc'). Impact : A malicious local user could exploit this vulnerability to execute arbitrary code with escalated privileges. Workaround : There is no known workaround at this time." ); # http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html script_set_attribute( attribute:"see_also", value:"https://lists.freedesktop.org/pipermail/uim/2005-September/001346.html" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200510-03" ); script_set_attribute( attribute:"solution", value: "All Uim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-i18n/uim-0.4.9.1'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:uim"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-i18n/uim", unaffected:make_list("ge 0.4.9.1"), vulnerable:make_list("lt 0.4.9.1"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Uim"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-895.NASL description Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. last seen 2020-06-01 modified 2020-06-02 plugin id 22761 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22761 title Debian DSA-895-1 : uim - programming error NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-198.NASL description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 20436 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20436 title Mandrake Linux Security Advisory : uim (MDKSA-2005:198)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620
- http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html
- http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html
- http://secunia.com/advisories/17043
- http://secunia.com/advisories/17058
- http://secunia.com/advisories/17572
- http://securitytracker.com/id?1015002
- http://www.debian.org/security/2005/dsa-895
- http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml
- http://www.securityfocus.com/bid/15007
- http://www.vupen.com/english/advisories/2005/1946
- http://www.vupen.com/english/advisories/2005/1947