Test ID:	1.3.6.1.4.1.25623.1.0.55873
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-895-1)
Summary:	The remote host is missing an update for the Debian 'uim' package(s) announced via the DSA-895-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'uim' package(s) announced via the DSA-895-1 advisory. Vulnerability Insight: Masanari Yamamoto discovered incorrect use of environment variables in uim, a flexible input method collection and library, that could lead to escalated privileges in setuid/setgid applications linked to libuim. Affected in Debian is at least mlterm. The old stable distribution (woody) does not contain uim packages. For the stable distribution (sarge) this problem has been fixed in version 0.4.6final1-3sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.4.7-2. We recommend that you upgrade your libuim packages. Affected Software/OS: 'uim' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3149 BugTraq ID: 15007 http://www.securityfocus.com/bid/15007 Debian Security Information: DSA-895 (Google Search) http://www.debian.org/security/2005/dsa-895 http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html http://securitytracker.com/id?1015002 http://secunia.com/advisories/17043 http://secunia.com/advisories/17058 http://secunia.com/advisories/17572 http://www.vupen.com/english/advisories/2005/1946 http://www.vupen.com/english/advisories/2005/1947
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.