CVE-2005-0503

Published: Feb 21, 2005Modified: Apr 16, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

Affected (3)

Products: Uim: Uim · Mandrakesoft: Mandrake Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uim Uim	Version 0.4.5

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.1

References (8)

http://lists.freedesktop.org/archives/uim/2005-February/000996.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/13981

Source: cve@mitre.org

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:046

Source: cve@mitre.org

http://www.securityfocus.com/bid/12604

Source: cve@mitre.org

PatchVendor Advisory

http://lists.freedesktop.org/archives/uim/2005-February/000996.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/13981

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:046

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/12604

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.