FreeBSD : uim -- privilege escalation vulnerability (fb03b1c6-8a8a-11d9-81f7-02023f003c9f)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The uim developers report :

Takumi ASAKI discovered that uim always trusts environment variables.
But this is not correct behavior, sometimes environment variables
shouldn't be trusted. This bug causes privilege escalation when libuim
is linked against a setuid/setgid application. Since GTK+ prohibits
setuid/setgid applications, the bug appears only in 'immodule for Qt'
enabled Qt. (Normal Qt is also safe.)

See also :

http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html
http://www.nessus.org/u?573c93b1

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 3.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19183 (freebsd_pkg_fb03b1c68a8a11d981f702023f003c9f.nasl)

Bugtraq ID: 12604

CVE ID: CVE-2005-0503
