Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.

Related bugs and status

CVE-2005-3149 (Candidate) is related to these bugs:

Bug #3328: uim: privilege escalation before 0.4.9.1

Summary				In	Importance	Status
	3328	uim: privilege escalation before 0.4.9.1		uim (Ubuntu)	Medium	Fix Released
	3328	uim: privilege escalation before 0.4.9.1		uim (Ubuntu Breezy)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [Uim] 20050928 uim-0.4...
MLIST: [Uim] 20050928 uim 0.5...
CONFIRM: http://bugs.debian.org...
GENTOO: GLSA-200510-03
SECUNIA: 17043
SECTRACK: 1015002
DEBIAN: DSA-895
BID: 15007
SECUNIA: 17058
SECUNIA: 17572
VUPEN: ADV-2005-1946
VUPEN: ADV-2005-1947