CVE-2005-0503
Published: 2005-02-21
CVE-2005-0503: uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Priority: P4 · 13 · medium · 4.6 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.36% (27.8th percentile)
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | uim | < uim 1:0.4.6beta2-1 (bookworm) | uim 1:0.4.6beta2-1 (bookworm) |
| mandrakesoft | mandrake_linux | — | — |
| uim | uim | — | — |
| uim | uim | >= 0 < 1:0.4.6beta2-1 | 1:0.4.6beta2-1 |
| uim | uim | >= 0 < 1:0.4.6beta2-1 | 1:0.4.6beta2-1 |
| uim | uim | >= 0 < 1:0.4.6beta2-1 | 1:0.4.6beta2-1 |
| uim | uim | >= 0 < 1:0.4.6beta2-1 | 1:0.4.6beta2-1 |
CVSS provenance
nvd: v2.0, 4.6 MEDIUM, AV:L/AC:L/Au:N/C:P/I:P/A:P
osv: 4.6 MEDIUM
vendor_debian: 4.6 MEDIUM
GHSA
GHSA-p5v6-j4pp-pf2r: uim before 0
ghsa_unreviewed·2022-05-01
CVE-2005-0503 [MEDIUM] GHSA-p5v6-j4pp-pf2r: uim before 0
OSV
CVE-2005-0503: uim before 0
osv·2005-02-21·CVSS 4.6
CVE-2005-0503 [MEDIUM] CVE-2005-0503: uim before 0
Debian
CVE-2005-0503: uim - uim before 0.4.5.1 trusts certain environment variables when libUIM is used in s...
vendor_debian·2005·CVSS 4.6
CVE-2005-0503 [MEDIUM] CVE-2005-0503: uim - uim before 0.4.5.1 trusts certain environment variables when libUIM is used in s...
Scope: local
bookworm: resolved (fixed in 1:0.4.6beta2-1)
bullseye: resolved (fixed in 1:0.4.6beta2-1)
forky: resolved (fixed in 1:0.4.6beta2-1)
sid: resolved (fixed in 1:0.4.6beta2-1)
trixie: resolved (fixed in 1:0.4.6beta2-1)
http://lists.freedesktop.org/archives/uim/2005-February/000996.html
http://secunia.com/advisories/13981
http://www.mandriva.com/security/advisories?name=MDKSA-2005:046
http://www.securityfocus.com/bid/12604
Published: 2005-02-21