FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

uim -- privilege escalation vulnerability

Affected packages
		ja-uim	<	0.4.9.1

Details

VuXML ID	1e606080-3293-11da-ac91-020039488e34
Discovery	2005-09-28
Entry	2005-10-01

The uim developers reports:

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.

[source]

References

URL	http://lists.freedesktop.org/archives/uim/2005-September/001346.html