FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0503

This CVE name corresponds to:

Entered Topic
2005-03-01 uim -- privilege escalation vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0503
Phase Assigned(20050221)

Description

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

References

Source Reference
MLIST [uim] 20050220 uim 0.4.5.1 released
MANDRAKE MDKSA-2005:046
BID 12604
SECUNIA 13981