Bug 83165

Summary:	app-i18n/uim: Possible privilege escalation through linked setuid/setgid apps
Product:	Gentoo Security	Reporter:	Thierry Carrez (RETIRED) <koon>
Component:	Vulnerabilities	Assignee:	Bryan Østergaard (RETIRED) <kloeri>
Status:	RESOLVED DUPLICATE
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
URL:	http://lists.freedesktop.org/pipermail/uim/2005-February/000996.html
Whiteboard:	B2? [stable]
Package list:		Runtime testing required:	---

Description Thierry Carrez (RETIRED) gentoo-dev

2005-02-24 02:40:08 UTC

uim 0.4.5.1 is released. This release is for *security fix*.

 http://uim.freedesktop.org/releases/uim-0.4.5.1.tar.gz
 sha1sum:4a113fc3472fdf7561eb2ad57af189f94a7b17ee  uim-0.4.5.1.tar.gz

All uim except 0.4.5.1 and 0.4.6beta1 have a security hole.

If you are using 'immodule for Qt' enabled Qt, you should upgrade your 
uim to 0.4.5.1 or 0.4.6beta1. (We'll release 0.4.6beta1 ASAP.)

Brief of the bug
================

Vulnerability  : privilege escalation
Problem-Type   : local

Takumi ASAKI discovered that uim always trusts environment variables. 
But this is not correct behavior, sometimes environment variables 
shouldn't be trusted. This bug causes privilege escalation when libuim 
is linked against setuid/setgid application. Since GTK+ prohibits 
setuid/setgid applications, the bug appears only in 'immodule for Qt' 
enabled Qt. (Normal Qt is also safe.)

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2005-02-24 02:42:37 UTC

This is CAN-2005-0503
0.4.5.1 is already in the tree, needing stable keywords from alpha, amd64, ppc.

Comment 2 Jochen Maes (RETIRED) gentoo-dev

2005-02-24 02:54:42 UTC

testing on ppc

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-02-24 02:58:37 UTC

Sorry for the dupe, please ignore this bug

*** This bug has been marked as a duplicate of 82678 ***

Comment 4 Jochen Maes (RETIRED) gentoo-dev

2005-02-24 03:00:29 UTC

stable on ppc