Search criteria
2 vulnerabilities by uim
CVE-2005-3149 (GCVE-0-2005-3149)
Vulnerability from cvelistv5 – Published: 2005-10-05 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lists.freedesktop.org/pipermail/uim/2005-S… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/15007 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/1947 | vdb-entryx_refsource_VUPEN |
| http://lists.freedesktop.org/pipermail/uim/2005-S… | mailing-listx_refsource_MLIST |
| http://securitytracker.com/id?1015002 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/17058 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17572 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/1946 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2005/dsa-895 | vendor-advisoryx_refsource_DEBIAN |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17043 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620 | x_refsource_CONFIRM |
Date Public
2005-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17043"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17043"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17043"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3149",
"datePublished": "2005-10-05T04:00:00.000Z",
"dateReserved": "2005-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:59.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0503 (GCVE-0-2005-0503)
Vulnerability from cvelistv5 – Published: 2005-02-21 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.freedesktop.org/archives/uim/2005-Fe… | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/12604 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/13981 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0503",
"datePublished": "2005-02-21T05:00:00.000Z",
"dateReserved": "2005-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}