CVE-2005-3149
uim - local privilege escalation
EPSS 0.10%
Description
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
How to fix CVE-2005-3149
To remediate CVE-2005-3149, upgrade the affected package to one of the fixed versions listed below.
- Debian/uim—upgrade to 1:0.4.7-2 or later
- Debian/uim—upgrade to 1:0.4.6final1-3sarge1 or later
- Debian/uim—upgrade to 1:0.4.7-2.0etch1 or later
Is CVE-2005-3149 being exploited?
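Low. The EPSS score is 0.1%. EPSS is a model's estimate of the probability that a vulnerability will be exploited in the wild in the next 30 days, so a score this low indicates that exploitation is considered unlikely.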
Affected packages (3)
- from 0, < 1:0.4.7-2
- from 0, < 1:0.4.6final1-3sarge1
- from 0, < 1:0.4.7-2.0etch1