Lucene search

K

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : evolution vulnerabilities (USN-615-1)

Ubuntu Evolution vulnerabilities, validation issues in iCalendar attachment

Show more
Related
Refs
Code
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-615-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(33124);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2008-1108", "CVE-2008-1109");
  script_xref(name:"USN", value:"615-1");

  script_name(english:"Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : evolution vulnerabilities (USN-615-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Ubuntu host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Alin Rad Pop of Secunia Research discovered that Evolution did not
properly validate timezone data when processing iCalendar attachments.
If a user disabled the ITip Formatter plugin and viewed a crafted
iCalendar attachment, an attacker could cause a denial of service or
possibly execute code with user privileges. Note that the ITip
Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108)

Alin Rad Pop of Secunia Research discovered that Evolution did not
properly validate the DESCRIPTION field when processing iCalendar
attachments. If a user were tricked into accepting a crafted iCalendar
attachment and replied to it from the calendar window, an attacker
code cause a denial of service or execute code with user privileges.
(CVE-2008-1109)

Matej Cepl discovered that Evolution did not properly validate date
fields when processing iCalendar attachments. If a user disabled the
ITip Formatter plugin and viewed a crafted iCalendar attachment, an
attacker could cause a denial of service. Note that the ITip Formatter
plugin is enabled by default in Ubuntu.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/615-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:evolution-plugins-experimental");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/06/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/06/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|7\.04|7\.10|8\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 7.04 / 7.10 / 8.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"evolution", pkgver:"2.6.1-0ubuntu7.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"evolution-dbg", pkgver:"2.6.1-0ubuntu7.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"evolution-dev", pkgver:"2.6.1-0ubuntu7.4")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"evolution-plugins", pkgver:"2.6.1-0ubuntu7.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution-common", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution-dbg", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution-dev", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution-plugins", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"evolution-plugins-experimental", pkgver:"2.10.1-0ubuntu2.4")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution-common", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution-dbg", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution-dev", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution-plugins", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"evolution-plugins-experimental", pkgver:"2.12.1-0ubuntu1.3")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution", pkgver:"2.22.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution-common", pkgver:"2.22.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution-dbg", pkgver:"2.22.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution-dev", pkgver:"2.22.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution-plugins", pkgver:"2.22.2-0ubuntu1.2")) flag++;
if (ubuntu_check(osver:"8.04", pkgname:"evolution-plugins-experimental", pkgver:"2.22.2-0ubuntu1.2")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evolution / evolution-common / evolution-dbg / evolution-dev / etc");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Jun 2008 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS29.3
EPSS0.204
10
.json
Report