UIM LibUIM Environment Variables Privilege Escalation Weakness
BID:12604
Info
| Bugtraq ID: | 12604 |
| Class: | Design Error |
| CVE: | CVE-2005-0503 |
| Remote: | No |
| Local: | Yes |
| Published: | Feb 21 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | Discovery of this weakness is credited to Takumi Asaki. |
| Vulnerable: | Uim Uim 0.4.5; Mandriva Linux Mandrake 10.1 x86_64; Mandriva Linux Mandrake 10.1 |
| Not Vulnerable: | Uim Uim 0.4.5.1 |
Discussion
Uim is reported prone to a privilege escalation weakness. It is reported that the Uim library always trusts user-supplied environment variables, and that this may be exploited in circumstances where the Uim library is linked into a setuid/setgid application.
An attacker with local interactive access to a system that has a vulnerable application installed may potentially exploit this weakness to escalate privileges.
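As an added illustration (not code from uim or from this advisory), the following C snippet shows the pattern the discussion describes and its usual mitigation: a library routine that reads a caller-controlled environment variable unconditionally, beside a hardened version that ignores the environment whenever the real and effective user or group ids differ, i.e. whenever the host process gained privilege through setuid/setgid bits. The variable name LIBUIM_EXAMPLE_CONFIG, the default path and the simulated ids are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical variable and fallback used only for this illustration. */
#define EXAMPLE_ENV_VAR "LIBUIM_EXAMPLE_CONFIG"
#define EXAMPLE_DEFAULT "/etc/uim/default.conf"

/* Returns 1 when the environment may be trusted: real and effective ids
 * match, so the process did not gain privilege via setuid/setgid bits.
 * Takes the ids as parameters so the decision can be exercised in tests. */
int env_is_trusted_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* Same check against the calling process's own ids. */
int env_is_trusted(void)
{
    return env_is_trusted_ids(getuid(), geteuid(), getgid(), getegid());
}

/* Weak pattern: the variable is honoured no matter who the process
 * is running as, so a setuid/setgid host application would load a
 * file chosen by the unprivileged invoking user. */
const char *unsafe_config_path(void)
{
    const char *p = getenv(EXAMPLE_ENV_VAR);
    return p ? p : EXAMPLE_DEFAULT;
}

/* Hardened pattern: when the ids indicate a privileged context, the
 * environment is ignored and only the built-in default is used. */
const char *safe_config_path_ids(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (!env_is_trusted_ids(ruid, euid, rgid, egid))
        return EXAMPLE_DEFAULT;
    const char *p = getenv(EXAMPLE_ENV_VAR);
    return p ? p : EXAMPLE_DEFAULT;
}

const char *safe_config_path(void)
{
    return safe_config_path_ids(getuid(), geteuid(), getgid(), getegid());
}

int main(void)
{
    /* Constructed input: a user-chosen value placed in the environment. */
    setenv(EXAMPLE_ENV_VAR, "/tmp/untrusted.conf", 1);

    printf("unsafe, any context      : %s\n", unsafe_config_path());
    printf("safe, this process       : %s\n", safe_config_path());
    /* Simulated setuid-root context: real uid 1000, effective uid 0. */
    printf("safe, simulated setuid   : %s\n",
           safe_config_path_ids(1000, 0, 1000, 1000));
    return 0;
}
```

On glibc, `secure_getenv()` performs the same real-versus-effective id check internally (it also honours the AT_SECURE auxiliary vector flag set by the kernel), and is the preferred call for library code that must not trust its environment when loaded into a privileged process.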
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Solution:
The vendor has released version 0.4.5.1 to address this issue.
Mandrake has released an advisory (MDKSA-2005:046) and fixes to address this vulnerability. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.
Gentoo has released advisory GLSA 200502-31 to address this issue. Gentoo updates can be applied by running the following commands as the superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.5.1"
Uim Uim 0.4.5
- Uim uim-0.4.5.1.tar.gz: http://uim.freedesktop.org/releases/uim-0.4.5.1.tar.gz
Mandriva Linux Mandrake 10.1
- Mandrake libuim0-0.4.5.1-0.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libuim0-devel-0.4.5.1-0.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake uim-0.4.5.1-0.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
- Mandrake uim-applet-0.4.5.1-0.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www.mandrakesecure.net/en/ftp.php
Mandriva Linux Mandrake 10.1 x86_64
- Mandrake lib64uim0-0.4.5.1-0.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64uim0-devel-0.4.5.1-0.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libuim0-0.4.5.1-0.1.101mdk.i586.rpm (Mandrake Linux 10.1/x86_64): http://www.mandrakesecure.net/en/ftp.php
References
References:
- uim 0.4.5.1 released (TOKUNAGA Hiroyuki tkng at xem.jp )
- Uim Homepage (Uim)