UIM LibUIM Environment Variables Privilege Escalation Weakness

UIM LibUIM Environment Variables Privilege Escalation Weakness

Uim is reported prone to an privilege escalation weakness. It is reported that the Uim library will always trust user-supplied environment variables, and that this may be exploited in circumstances where the Uim library is linked to a setuid/setgid application.

An attacker that has local interactive to a system that has a vulnerable application installed may potentially exploit this weakness to escalate privileges.