Debian Security Advisory DSA 895-1 (uim) Network Vulnerability

Summary

The remote host is missing an update to uim announced via advisory DSA 895-1. Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. The old stable distribution (woody) does not contain uim packags.

Solution

For the stable distribution (sarge) this problem has been fixed in version 0.4.6final1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.4.7-2. We recommend that you upgrade your libuim packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20895-1

Severity

Classification

CVE CVE-2005-3149
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1107-1 (gnupg)
Debian Security Advisory DSA 1155-2 (sendmail)
Debian Security Advisory DSA 1152-1 (trac)
Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 1056-1 (webcalendar)

Take action and discover your vulnerabilities