|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200510-03] Uim: Privilege escalation vulnerability Vulnerability Scan
Vulnerability Scan Summary
Uim: Privilege escalation vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200510-03
(Uim: Privilege escalation vulnerability)
Masanari Yamamoto discovered that Uim uses environment variables
incorrectly. This bug causes a privilege escalation if setuid/setgid
applications are linked to libuim. This bug only affects
immodule-enabled Qt (if you build Qt 3.3.2 or later versions with
USE="immqt" or USE="immqt-bc").
Impact
A malicious local user could exploit this vulnerability to execute
arbitrary code with escalated rights.
Workaround
There is no known workaround at this time.
References:
http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html
Solution:
All Uim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-i18n/uim-0.4.9.1"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
