uim prior to 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
uim uim 0.4.5 |
||
mandrakesoft mandrake linux 10.1 |