Mandrake Linux Security Advisory : uim (MDKSA-2005:046)

Medium Nessus Plugin ID 17215


The remote Mandrake Linux host is missing one or more security updates.


Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications.

The updated packages are patched to fix the problem.


Update the affected packages.

See Also

Plugin Details

Severity: Medium

ID: 17215

File Name: mandrake_MDKSA-2005-046.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/02/25

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64uim0, p-cpe:/a:mandriva:linux:lib64uim0-devel, p-cpe:/a:mandriva:linux:libuim0, p-cpe:/a:mandriva:linux:libuim0-devel, p-cpe:/a:mandriva:linux:uim, p-cpe:/a:mandriva:linux:uim-applet, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/02/24

Reference Information

CVE: CVE-2005-0503

MDKSA: 2005:046