FreeBSD : uim -- privilege escalation vulnerability (fb03b1c6-8a8a-11d9-81f7-02023f003c9f)
Medium Nessus Plugin ID 19183
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The uim developers report:
Takumi ASAKI discovered that uim always trusts environment variables.
But this is not correct behavior; sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against a setuid/setgid application. Since GTK+ prohibits setuid/setgid applications, the bug appears only in 'immodule for Qt' enabled Qt. (Normal Qt is also safe.)
Solution
Update the affected package.
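The trust decision described above, as an added C example (not uim's code or its fix): a library-side lookup that honours an environment override only when the process is not running setuid/setgid. The variable name `EXAMPLE_PLUGIN_DIR` and the default path are hypothetical.

```c
/* Added example: gate environment overrides on process privilege.
 * EXAMPLE_PLUGIN_DIR and the default path are hypothetical names. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define PLUGIN_DIR_ENV "EXAMPLE_PLUGIN_DIR" /* hypothetical variable */
static const char DEFAULT_PLUGIN_DIR[] = "/usr/local/lib/example/plugins";

/* A process is running with elevated privilege when its effective IDs
 * differ from the real IDs of the user who started it (setuid/setgid). */
int ids_indicate_privilege(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

int running_privileged(void)
{
    return ids_indicate_privilege(getuid(), geteuid(), getgid(), getegid());
}

/* Return the environment value only for unprivileged processes;
 * otherwise behave as if the variable were unset. */
const char *env_if_unprivileged(const char *name, int privileged)
{
    if (privileged)
        return NULL;
    return getenv(name);
}

/* Library-side lookup: environment override for normal processes,
 * compiled-in default for setuid/setgid ones. */
const char *plugin_dir(int privileged)
{
    const char *dir = env_if_unprivileged(PLUGIN_DIR_ENV, privileged);
    return (dir != NULL && dir[0] != '\0') ? dir : DEFAULT_PLUGIN_DIR;
}

int main(void)
{
    int priv = running_privileged();
    printf("privileged=%d plugin_dir=%s\n", priv, plugin_dir(priv));
    return 0;
}
```

Comparing real and effective IDs misses a setuid program that has already equalised its IDs before calling into the library. On FreeBSD `issetugid(2)` covers that case, and glibc provides `secure_getenv(3)` for the same purpose.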