2 results (0.007 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620 http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html http://secunia.com/advisories/17043 http://secunia.com/advisories/17058 http://secunia.com/advisories/17572 http://securitytracker.com/id?1015002 http://www.debian.org/security/2005/dsa-895 http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml http://www.securityfocus.com/bid/1 •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. • http://lists.freedesktop.org/archives/uim/2005-February/000996.html http://secunia.com/advisories/13981 http://www.mandriva.com/security/advisories?name=MDKSA-2005:046 http://www.securityfocus.com/bid/12604 •