UIM LibUIM Environment Variables Privilege Escalation Weakness

Uim is reported prone to an privilege escalation weakness. It is reported that the Uim library will always trust user-supplied environment variables, and that this may be exploited in circumstances where the Uim library is linked to a setuid/setgid application.

An attacker that has local interactive to a system that has a vulnerable application installed may potentially exploit this weakness to escalate privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus