CVE-2005-0503 Information

Description

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications which allows local users to gain privileges.

Reference

http://lists.freedesktop.org/archives/uim/2005-February/000996.html http://secunia.com/advisories/13981 http://www.mandriva.com/security/advisories?name=MDKSA-2005:046 http://www.securityfocus.com/bid/12604