Lucene search

CERTVU:512491

HistoryMar 07, 2008 - 12:00 a.m.

GNOME Evolution format string vulnerability

2008-03-0700:00:00

www.kb.cert.org

0.435 Medium

EPSS

Percentile

97.4%

JSON

Overview

The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code.

Description

Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.

From Secunia Advisory SA29057:
_A format string error in the “emf_multipart_encrypted()” function in mail/em-format.c when displaying data (e.g. the “Version:” field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message.

Successful exploitation requires that the user selects a malicious e-mail message._

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause Evolution to crash.

Solution

Upgrade

The Evolution team has released a patch to address this issue. See GNOME Bug 520745 for more information. Users and administrators who do not compile Evolution from source should obtain fixed software from their operating system vendor.

Vendor Information

512491

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Debian GNU/Linux Affected

Updated: March 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

GNOME __ Affected

Updated: March 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://bugzilla.gnome.org/show_bug.cgi?id=520745> for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23512491 Feedback>).

Gentoo Linux __ Affected

Updated: March 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.gentoo.org/security/en/glsa/glsa-200803-12.xml> for more details.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23512491 Feedback>).

Red Hat, Inc. __ Affected

Updated: March 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <https://rhn.redhat.com/errata/RHSA-2008-0177.html> for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23512491 Feedback>).

Ubuntu __ Affected

Updated: March 07, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

See <http://www.ubuntu.com/usn/usn-583-1> for more information.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23512491 Feedback>).