FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
1e606080-3293-11da-ac91-020039488e34uim -- privilege escalation vulnerability

The uim developers reports:

Masanari Yamamoto discovered that incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.) In some distribution, mlterm is also an setuid/setgid application.


Discovery 2005-09-28
Entry 2005-10-01
ja-uim
< 0.4.9.1

http://lists.freedesktop.org/archives/uim/2005-September/001346.html
fb03b1c6-8a8a-11d9-81f7-02023f003c9fuim -- privilege escalation vulnerability

The uim developers reports:

Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)


Discovery 2005-02-21
Entry 2005-03-01
ja-uim
< 0.4.6

CVE-2005-0503
http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html
12604
http://secunia.com/advisories/13981