Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20080604_EVOLUTION_ON_SL3_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : evolution on SL3.x, SL4.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.102 Low
EPSS
Percentile
95.0%
A flaw was found in the way Evolution parsed iCalendar timezone attachment data. If mail which included a carefully crafted iCalendar attachment was opened, arbitrary code could be executed as the user running Evolution. (CVE-2008-1108)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60417);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2008-1108");
script_name(english:"Scientific Linux Security Update : evolution on SL3.x, SL4.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A flaw was found in the way Evolution parsed iCalendar timezone
attachment data. If mail which included a carefully crafted iCalendar
attachment was opened, arbitrary code could be executed as the user
running Evolution. (CVE-2008-1108)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0806&L=scientific-linux-errata&T=0&P=200
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?86f6e892"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected evolution and / or evolution-devel packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2008/06/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL3", reference:"evolution-1.4.5-22.el3")) flag++;
if (rpm_check(release:"SL3", reference:"evolution-devel-1.4.5-22.el3")) flag++;
if (rpm_check(release:"SL4", reference:"evolution-2.0.2-35.0.4.el4_6.2")) flag++;
if (rpm_check(release:"SL4", reference:"evolution-devel-2.0.2-35.0.4.el4_6.2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
oraclelinux
oraclelinux
evolution security update
2008-06-04 00:00:00
evolution28 security update
2008-06-04 00:00:00
centos
centos
evolution security update
2008-06-04 13:42:10
evolution28 security update
2008-06-04 16:27:50
evolution security update
2008-06-26 01:08:58
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:22:42
openvas
openvas
CentOS Update for evolution CESA-2008:0516 centos3 i386
2009-02-27 00:00:00
RedHat Update for evolution RHSA-2008:0516-01
2009-03-06 00:00:00
CentOS Update for evolution CESA-2008:0516 centos3 x86_64
2009-02-27 00:00:00
nessus
nessus
RHEL 4 : evolution (RHSA-2008:0517)
2013-01-24 00:00:00
Oracle Linux 3 / 4 : evolution (ELSA-2008-0516)
2013-07-12 00:00:00
RHEL 3 / 4 : evolution (RHSA-2008:0516)
2008-06-05 00:00:00
redhat
redhat
(RHSA-2008:0516) Critical: evolution security update
2008-06-04 00:00:00
(RHSA-2008:0517) Critical: evolution security update
2008-06-04 00:00:00
(RHSA-2008:0514) Important: evolution security update
2008-06-04 00:00:00
cvelist
cvelist
CVE-2008-1108
2008-06-04 20:00:00
nvd
nvd
CVE-2008-1108
2008-06-04 20:32:00
ubuntucve
ubuntucve
CVE-2008-1108
2008-06-04 00:00:00
prion
prion
Buffer overflow
2008-06-04 20:32:00
cve
cve
CVE-2008-1108
2008-06-04 20:32:00
debiancve
debiancve
CVE-2008-1108
2008-06-04 20:32:00
ubuntu
ubuntu
Evolution vulnerabilities
2008-06-06 00:00:00
suse
suse
remote code execution in evolution
2008-06-13 16:03:48
gentoo
gentoo
Evolution: User-assisted execution of arbitrary code
2008-06-16 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: evolution-2.22.2-2.fc9
2008-06-06 07:48:27
[SECURITY] Fedora 8 Update: evolution-2.12.3-5.fc8
2008-06-06 07:49:59
[SECURITY] Fedora 7 Update: evolution-2.10.3-10.fc7
2008-06-06 07:50:16
7.6 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.102 Low
EPSS
Percentile
95.0%
Related for SL_20080604_EVOLUTION_ON_SL3_X.NASL