Uim · CVE-2005-3149
**Name of the Vulnerable Software and Affected Versions**
Uim versions prior to 0.4.9.1
Uim version 0.5.0 and earlier
**Description**
The issue concerns multiple vulnerabilities in the Uim package that can compromise the confidentiality, integrity, and availability of protected information. Specifically, Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the `LIBUIM_VANILLA` environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt. This allows local users to gain privileges.
**Recommendations**
For Uim versions prior to 0.4.9.1, update to version 0.4.9.1 or later to resolve the issue.
For Uim version 0.5.0 and earlier, update to a version later than 0.5.0 to resolve the issue.
As a temporary workaround, consider restricting access to suid or sgid applications linked to libuim to minimize the risk of exploitation.
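To scope the workaround above, the following Python script (an added example, not part of the original advisory or the Uim project) lists setuid/setgid ELF files under a directory that reference libuim. The soname prefix `libuim.so`, the default scan root `/usr`, and the function names are assumptions made for this example.

```python
import os
import stat
import sys

SONAME = b"libuim.so"   # assumed soname prefix of the library
ELF_MAGIC = b"\x7fELF"

def references_libuim(path, chunk=1 << 20):
    """True if the file is ELF and the soname string occurs anywhere in it."""
    try:
        with open(path, "rb") as f:
            if f.read(4) != ELF_MAGIC:
                return False
            tail = b""
            while True:
                block = f.read(chunk)
                if not block:
                    return False
                if SONAME in tail + block:
                    return True
                # keep enough bytes to catch a match split across reads
                tail = (tail + block)[-(len(SONAME) - 1):]
    except OSError:
        return False  # unreadable file: skip rather than abort the scan

def find_privileged_libuim_users(root):
    """Return sorted (path, 'suid' | 'sgid' | 'suid+sgid') tuples under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            bits = [label for flag, label in
                    ((stat.S_ISUID, "suid"), (stat.S_ISGID, "sgid"))
                    if st.st_mode & flag]
            if bits and references_libuim(path):
                hits.append((path, "+".join(bits)))
    return sorted(hits)

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr"  # assumed default
    for path, bits in find_privileged_libuim_users(root):
        print(f"{bits}\t{path}")
```

The match is a string heuristic for direct references; a privileged program that reaches libuim only through a plugin loaded at run time will not be listed, so review the input-method plugins such programs load as well.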