First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 107748
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Jabari R. Roberts <tECHIDNA@gmail.com>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 107748 depends on: Show dependency tree
Bug 107748 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-09-30 17:45 0000 
UIM maintainer (TOKUNAGA Hiroyuki, tkng@xem.jp) states that there is a
privilege
escalation vulnerability in UIM version that are not 0.4.9.1 and 0.5.0.1 (the
most recent versions, and these were just added to portage [~'ed]).

From http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html:

uim-0.4.9.1 is released. This release is for *security fix*.

 http://uim.freedesktop.org/releases/uim-0.4.9.1.tar.gz
 sha1sum:9037499c47187aeee758ee2bfd60ba9d7d4f40ec  uim-0.4.9.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole.

If you are using setuid/setgid application which is linked to libuim,
you have to upgrade uim.

Brief of the bug
================

Vulnerability  : privilege escalation
Problem-Type   : local

Masanari Yamamoto discovered that incorrect use of environment
variables in uim. This bug causes privilege escalation if setuid/setgid
applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also
safe.) In some distribution, mlterm is also an setuid/setgid
application.


Changes between 0.4.9 to 0.4.9.1
================================

* Fixed incorrect use of environment variables.

and http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html:

uim-0.5.0.1 is released. This release is for *security fix*.

 http://uim.freedesktop.org/releases/uim-0.5.0.1.tar.gz
 sha1sum:d489003205c0e3a24d611e72d0b780ce35bf7474  uim-0.5.0.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole.

If you are using setuid/setgid application which is linked to libuim,
you have to upgrade uim.

Brief of the bug
================

Vulnerability  : privilege escalation
Problem-Type   : local

Masanari Yamamoto discovered that incorrect use of environment
variables in uim. This bug causes privilege escalation if setuid/setgid
applications was linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also
safe.) In some distribution, mlterm is also an setuid/setgid
application.


Changes between 0.5.0 to 0.5.0.1
================================

* Fixed incorrect use of environment variables.

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Jabari R. Roberts 2005-09-30 17:59:22 0000 ------- 
Specific location of UIM in portage is app-i18n/uim.

------- Comment #2 From Thierry Carrez (RETIRED) 2005-10-01 03:04:20 0000 ------- 
Not sure any privileged package in Portage links to uim, but should be fixed
nevertheless... it's already in portage thanks to usata.

Arches should test and mark stable 0.4.9.1 or 0.5.0.1,
Target KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"

------- Comment #3 From Simon Stelling (RETIRED) 2005-10-01 03:52:38 0000 ------- 
amd64 stable (0.5.0.1)

------- Comment #4 From Jose Luis Rivero (yoswink) 2005-10-01 05:53:21 0000 ------- 
alpha stable (0.5.0.1)

------- Comment #5 From Gustavo Zacarias (RETIRED) 2005-10-01 08:07:57 0000 ------- 
0.5.0.1 @ sparc stable.

------- Comment #6 From Markus Rothe 2005-10-01 08:15:13 0000 ------- 
stable on ppc64

------- Comment #7 From Michael Hanselmann (hansmi) (RETIRED) 2005-10-01 08:30:06 0000 ------- 
Stable on ppc.

------- Comment #8 From Mark Loeser 2005-10-01 13:30:24 0000 ------- 
x86 done

------- Comment #9 From Thierry Carrez (RETIRED) 2005-10-02 01:59:59 0000 ------- 
Ready for GLSA

------- Comment #10 From Sune Kloppenborg Jeppesen 2005-10-04 11:19:55 0000 ------- 
GLSA 200510-03
First Last Prev Next    No search results available      Search page      Enter new bug