SUSE-SA:2005:054: evolution

2005-10-05T00:00:00
ID SUSE_SA_2005_054.NASL
Type nessus
Reporter Tenable
Modified 2005-10-05T00:00:00

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:054 (evolution).

Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CVE-2005-2549) or calendar entries (CVE-2005-2550).

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:054
#


if ( ! defined_func("bn_random") ) exit(0);

include("compat.inc");

if(description)
{
 script_id(19933);
 script_version ("$Revision: 1.5 $");
 
 name["english"] = "SUSE-SA:2005:054: evolution";
 
 script_name(english:name["english"]);
 
 script_set_attribute(attribute:"synopsis", value:
"The remote host is missing a vendor-supplied security patch" );
 script_set_attribute(attribute:"description", value:
"The remote host is missing the patch for the advisory SUSE-SA:2005:054 (evolution).


Several format string bugs allowed remote attackers to cause
evolution to crash or even execute code via full vCard data, contact
data from remote LDAP servers, task list data from remote servers
(CVE-2005-2549) or calendar entries (CVE-2005-2550)." );
 script_set_attribute(attribute:"solution", value:
"http://www.suse.de/security/advisories/2005_54_evolution.html" );
 script_set_attribute(attribute:"risk_factor", value:"High" );



 script_set_attribute(attribute:"plugin_publication_date", value: "2005/10/05");
 script_end_attributes();

 
 summary["english"] = "Check for the version of the evolution package";
 script_summary(english:summary["english"]);
 
 script_category(ACT_GATHER_INFO);
 
 script_copyright(english:"This script is Copyright (C) 2005-2010 Tenable Network Security, Inc.");
 family["english"] = "SuSE Local Security Checks";
 script_family(english:family["english"]);
 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/SuSE/rpm-list");
 exit(0);
}

include("rpm.inc");
if ( rpm_check( reference:"evolution-2.0.1-6.8", release:"SUSE9.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-devel-2.0.1-6.8", release:"SUSE9.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-pilot-2.0.1-6.8", release:"SUSE9.2") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-2.2.1-7.4", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-data-server-1.2.1-7.3", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-data-server-devel-1.2.1-7.3", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-devel-2.2.1-7.4", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}
if ( rpm_check( reference:"evolution-pilot-2.2.1-7.4", release:"SUSE9.3") )
{
 security_hole(0);
 exit(0);
}