PT-2005-5563 · Uim · Uim

Masanari Yamamoto · Published 1970-01-01 · Updated 2011-03-08 · CVE-2005-3149

CVSS v2.0: 4.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Uim versions prior to 0.4.9.1
Uim version 0.5.0 and earlier

Description

The issue concerns multiple vulnerabilities in the Uim package, which can lead to a breach of confidentiality, integrity, and availability of protected information. Specifically, Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt. This allows local users to gain privileges.

Recommendations

For Uim versions prior to 0.4.9.1, update to version 0.4.9.1 or later to resolve the issue. For Uim version 0.5.0 and earlier, update to a version later than 0.5.0 to resolve the issue. As a temporary workaround, consider restricting access to suid or sgid applications linked to libuim to minimize the risk of exploitation.


Related identifiers

BDU:2015-01609
BDU:2015-01610
BDU:2015-01611
BDU:2015-01612
BDU:2015-01613
BDU:2015-01614
CVE-2005-3149
DSA-895-1
DTSA-22-1

Affected products

Uim