FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

uim -- privilege escalation vulnerability

Affected packages
ja-uim <


VuXML ID 1e606080-3293-11da-ac91-020039488e34
Discovery 2005-09-28
Entry 2005-10-01

The uim developers reports:

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.