The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code.
Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.
From Secunia Advisory SA29057:
_A format string error in the “emf_multipart_encrypted()” function in mail/em-format.c when displaying data (e.g. the “Version:” field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message.
Successful exploitation requires that the user selects a malicious e-mail message._
A remote, unauthenticated attacker may be able to execute arbitrary code or cause Evolution to crash.
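The bug class named in the advisory, as an added C example that is not Evolution's code: `display_message`, `show_field_unsafe` and `show_field_safe` are hypothetical names, and the sample "Version:" value is constructed. It shows message-controlled text used as a printf-style format string beside the corrected call, which passes that text as an argument to a constant `"%s"` format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style display helper, standing in for the kind of
 * variadic status/error formatter a mail client calls when rendering a part.
 * The format attribute lets GCC/Clang check every caller's format string. */
__attribute__((format(printf, 3, 4)))
static int display_message(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

#ifdef DEMO_UNSAFE
/* Vulnerable pattern: text taken from the message IS the format string, so
 * any conversion specifier in it is interpreted. Build with
 * -DDEMO_UNSAFE -Wformat -Wformat-security to see the compiler flag it. */
static int show_field_unsafe(char *out, size_t outlen, const char *field)
{
    return display_message(out, outlen, field);
}
#endif

/* Hardened pattern: constant format, untrusted text only as an argument. */
static int show_field_safe(char *out, size_t outlen, const char *field)
{
    return display_message(out, outlen, "%s", field);
}

/* Constructed sample: a "Version:" value that carries conversion specifiers. */
static const char SAMPLE_VERSION[] = "1 %x %x %s";

int main(void)
{
    char buf[64];
    int n = show_field_safe(buf, sizeof buf, SAMPLE_VERSION);
    printf("%d bytes rendered: %s\n", n, buf);
    /* Exit 0 only if the field was rendered byte-for-byte, uninterpreted. */
    return strcmp(buf, SAMPLE_VERSION) != 0;
}
```

Building a code base with `-Werror=format-security` turns the unsafe call into a compile error, provided the project's own variadic helpers carry the format attribute.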
Upgrade
The Evolution team has released a patch to address this issue. See GNOME Bug 520745 for more information. Users and administrators who do not compile Evolution from source should obtain fixed software from their operating system vendor.
512491
Updated: March 07, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: March 07, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://bugzilla.gnome.org/show_bug.cgi?id=520745> for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23512491 Feedback>).
Updated: March 07, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.gentoo.org/security/en/glsa/glsa-200803-12.xml> for more details.
Updated: March 07, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <https://rhn.redhat.com/errata/RHSA-2008-0177.html> for more information.
Updated: March 07, 2008
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
See <http://www.ubuntu.com/usn/usn-583-1> for more information.
This vulnerability was made public by Ulf Harnhammar of Secunia Research.
This document was written by Ryan Giobbi.
CVE IDs: | CVE-2008-0072 |
---|---|
Severity Metric: | 1.80 |
Date Public: | |