Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:046: uim Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the uim package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:046 (uim).
Takumi ASAKI discovered that uim always trusts environment variables which can
allow a local attacker to obtain elevated rights when libuim is linked
against an suid/sgid application. This problem is only exploitable in 'immodule
for Qt' enabled Qt applications.
The updated packages are patched to fix the problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:046
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.