Bug 107748 - app-i18n/uim: Privilege escalation vulnerability
Summary: app-i18n/uim: Privilege escalation vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
URL: http://lists.freedesktop.org/pipermai...
Whiteboard: C1? [glsa]
Reported: 2005-09-30 17:45 UTC by Jabari R. Roberts
Modified: 2005-10-04 11:19 UTC
Description Jabari R. Roberts 2005-09-30 17:45:33 UTC
UIM maintainer (TOKUNAGA Hiroyuki, tkng@xem.jp) states that there is a privilege
escalation vulnerability in UIM versions that are not 0.4.9.1 and 0.5.0.1 (the
most recent versions, and these were just added to portage [~'ed]).

From http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html:

uim-0.4.9.1 is released. This release is for *security fix*.

 http://uim.freedesktop.org/releases/uim-0.4.9.1.tar.gz
 sha1sum:9037499c47187aeee758ee2bfd60ba9d7d4f40ec  uim-0.4.9.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole.

If you are using a setuid/setgid application which is linked to libuim,
you have to upgrade uim.

Brief of the bug
================

Vulnerability  : privilege escalation
Problem-Type   : local

Masanari Yamamoto discovered incorrect use of environment
variables in uim. This bug causes privilege escalation if setuid/setgid
applications are linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also
safe.) In some distributions, mlterm is also a setuid/setgid
application.


Changes between 0.4.9 to 0.4.9.1
================================

* Fixed incorrect use of environment variables.

and http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html:

uim-0.5.0.1 is released. This release is for *security fix*.

 http://uim.freedesktop.org/releases/uim-0.5.0.1.tar.gz
 sha1sum:d489003205c0e3a24d611e72d0b780ce35bf7474  uim-0.5.0.1.tar.gz

All uim releases except 0.4.9.1 and 0.5.0.1 have a security hole.

If you are using a setuid/setgid application which is linked to libuim,
you have to upgrade uim.

Brief of the bug
================

Vulnerability  : privilege escalation
Problem-Type   : local

Masanari Yamamoto discovered incorrect use of environment
variables in uim. This bug causes privilege escalation if setuid/setgid
applications are linked to libuim.

This bug appears in 'immodule for Qt' enabled Qt. (Normal Qt is also
safe.) In some distributions, mlterm is also a setuid/setgid
application.


Changes between 0.5.0 to 0.5.0.1
================================

* Fixed incorrect use of environment variables.

Reproducible: Always
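The announcements above name the bug class (a library trusting environment variables while loaded into a setuid/setgid process) without showing code. The following is an added example of the usual defensive pattern for that class; it is not part of the bug report and not uim's actual fix. The variable name `EXAMPLE_PLUGIN_DIR`, the default path and all function names are hypothetical.

```c
/* Added illustration: hypothetical library code, not taken from uim. */
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed names: neither the path nor the variable comes from uim. */
#define EXAMPLE_DEFAULT_PLUGIN_DIR "/usr/lib/example/plugins"
#define EXAMPLE_PLUGIN_DIR_ENV     "EXAMPLE_PLUGIN_DIR"

/* True when real and effective IDs differ: the process gained privilege
 * through a setuid/setgid bit, while its environment was supplied by a
 * less-privileged caller. */
int ids_indicate_privilege(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Pure policy function, testable without a setuid binary: honour the
 * override only when unprivileged and the value is an absolute path. */
const char *choose_plugin_dir(const char *env_value, int privileged)
{
    if (privileged || env_value == NULL || env_value[0] != '/')
        return EXAMPLE_DEFAULT_PLUGIN_DIR;
    return env_value;
}

/* What the library would call at initialisation. glibc offers
 * secure_getenv() for the same purpose. */
const char *example_plugin_dir(void)
{
    int privileged = ids_indicate_privilege(getuid(), geteuid(),
                                            getgid(), getegid());
    return choose_plugin_dir(getenv(EXAMPLE_PLUGIN_DIR_ENV), privileged);
}

int main(void)
{
    /* Constructed input: the same override seen by both kinds of process. */
    const char *override = "/home/user/plugins";
    const char *unpriv = choose_plugin_dir(override, 0);
    const char *priv   = choose_plugin_dir(override, 1);
    /* Exit status 0 when the override is used only without privilege. */
    return !(strcmp(unpriv, override) == 0 &&
             strcmp(priv, EXAMPLE_DEFAULT_PLUGIN_DIR) == 0);
}
```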
Comment 1 Jabari R. Roberts 2005-09-30 17:59:22 UTC
Specific location of UIM in portage is app-i18n/uim.
Comment 2 Thierry Carrez (RETIRED) gentoo-dev 2005-10-01 03:04:20 UTC
Not sure any privileged package in Portage links to uim, but should be fixed
nevertheless... it's already in portage thanks to usata.

Arches should test and mark stable 0.4.9.1 or 0.5.0.1,
Target KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
Comment 3 Simon Stelling (RETIRED) gentoo-dev 2005-10-01 03:52:38 UTC
amd64 stable (0.5.0.1)
Comment 4 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2005-10-01 05:53:21 UTC
alpha stable (0.5.0.1)
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2005-10-01 08:07:57 UTC
0.5.0.1 @ sparc stable.
Comment 6 Markus Rothe (RETIRED) gentoo-dev 2005-10-01 08:15:13 UTC
stable on ppc64
Comment 7 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-10-01 08:30:06 UTC
Stable on ppc.
Comment 8 Mark Loeser (RETIRED) gentoo-dev 2005-10-01 13:30:24 UTC
x86 done
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2005-10-02 01:59:59 UTC
Ready for GLSA
Comment 10 Sune Kloppenborg Jeppesen gentoo-dev 2005-10-04 11:19:55 UTC
GLSA 200510-03