ID OPENVAS:60497 Type openvas Reporter Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to evolution
announced via advisory DSA 1512-1.
# OpenVAS Vulnerability Test
# $Id: deb_1512_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 1512-1 (evolution)
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
tag_insight = "Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite,
had a format string vulnerability in the parsing of encrypted mail messages.
If the user opened a specially crafted email message, code execution was
possible.
For the stable distribution (etch), this problem has been fixed in version
2.6.3-6etch2.
For the old stable distribution (sarge), this problem has been fixed in
version 2.0.4-2sarge3. Some architectures have not yet completed building
the updated package for sarge at this time, they will be added as they
come available.
For the unstable distribution (sid), this problem has been fixed in
version 2.12.3-1.1.
We recommend that you upgrade your evolution package.";
tag_summary = "The remote host is missing an update to evolution
announced via advisory DSA 1512-1.";
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201512-1";
if(description)
{
script_id(60497);
script_version("$Revision: 6616 $");
script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
script_tag(name:"creation_date", value:"2008-03-11 21:16:32 +0100 (Tue, 11 Mar 2008)");
script_cve_id("CVE-2008-0072");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_name("Debian Security Advisory DSA 1512-1 (evolution)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
res = "";
report = "";
if ((res = isdpkgvuln(pkg:"evolution-dev", ver:"2.0.4-2sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution", ver:"2.0.4-2sarge3", rls:"DEB3.1")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution-common", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution-dbg", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution-plugins", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution-dev", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if ((res = isdpkgvuln(pkg:"evolution-plugins-experimental", ver:"2.6.3-6etch2", rls:"DEB4.0")) != NULL) {
report += res;
}
if (report != "") {
security_message(data:report);
} else if (__pkg_match) {
exit(99); # Not vulnerable.
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Debian Local Security Checks", "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to evolution\nannounced via advisory DSA 1512-1.", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "9833f40bc3a3d47f54c0f749dcf51270"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "76cbb91fc6bf833778e477015ffe083e"}, {"key": "href", "hash": "7cefeac045e692ae8ece6245be09984b"}, {"key": "modified", "hash": "d89cc672a6266551218ef8145d1f22e2"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "pluginID", "hash": "8a346a0aeadf6f6177a5ba483d03d4c3"}, {"key": "published", "hash": "902a4fa3e976a08fb935cb61443102fa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "244cbbd9c3f044aa5d0644924a7459d1"}, {"key": "sourceData", "hash": "9342248bf0009d6c0c7f103943340f32"}, {"key": "title", "hash": "5e760689bcd9e6d264288dde856ea73c"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=60497", "modified": "2017-07-07T00:00:00", "objectVersion": "1.3", "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-24T12:50:13", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-0072"]}, {"type": "oraclelinux", "idList": ["ELSA-2008-0177"]}, {"type": "suse", "idList": ["SUSE-SA:2008:014"]}, {"type": "ubuntu", "idList": ["USN-583-1"]}, {"type": "nessus", "idList": ["MANDRIVA_MDVSA-2008-063.NASL", "CENTOS_RHSA-2008-0177.NASL", "REDHAT-RHSA-2008-0177.NASL", "UBUNTU_USN-583-1.NASL", "REDHAT-RHSA-2008-0178.NASL", "GENTOO_GLSA-200803-12.NASL", "DEBIAN_DSA-1512.NASL", "ORACLELINUX_ELSA-2008-0177.NASL", "FEDORA_2008-2292.NASL", "SL_20080305_EVOLUTION_ON_SL4_X.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310880101", "OPENVAS:870024", "OPENVAS:60515", "OPENVAS:840222", "OPENVAS:880076", "OPENVAS:860841", "OPENVAS:880101", "OPENVAS:1361412562310830459", "OPENVAS:1361412562310880076", "OPENVAS:1361412562310870024"]}, {"type": "gentoo", "idList": ["GLSA-200803-12"]}, {"type": "redhat", "idList": ["RHSA-2008:0178", "RHSA-2008:0177"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:19344", "SECURITYVULNS:VULN:8753"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1512-1:29E07"]}, {"type": "cert", "idList": ["VU:512491"]}, {"type": "centos", "idList": ["CESA-2008:0177"]}], "modified": "2017-07-24T12:50:13", "rev": 2}, "vulnersScore": 6.9}, "id": "OPENVAS:60497", "title": "Debian Security Advisory DSA 1512-1 (evolution)", "hash": "98cd7c85ce901741980822c57fd70ac5ef4ee3d997b707b1d803154aea5d3914", "edition": 2, "published": "2008-03-11T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-02T21:10:22", "bulletin": {"hash": "05854439cf6f98ca1b8070f18d2d115a50fa9da13e85a96a5dd64ff1c51f4620", "viewCount": 0, "reporter": "Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com", "references": [], "description": "The remote host is missing an update to evolution\nannounced via advisory DSA 1512-1.", "hashmap": [{"key": "sourceData", "hash": "d75eb48ba7fc2c4351a7d574ce3100a3"}, {"key": "modified", "hash": "8b938ca353f6871ff76be0ceabc14b57"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "76cbb91fc6bf833778e477015ffe083e"}, {"key": "pluginID", "hash": "8a346a0aeadf6f6177a5ba483d03d4c3"}, {"key": "href", "hash": "7cefeac045e692ae8ece6245be09984b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "title", "hash": "5e760689bcd9e6d264288dde856ea73c"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "published", "hash": "902a4fa3e976a08fb935cb61443102fa"}, {"key": "reporter", "hash": "244cbbd9c3f044aa5d0644924a7459d1"}, {"key": "naslFamily", "hash": "74562d71b087df9eabd0c21f99b132cc"}, {"key": "cvelist", "hash": "9833f40bc3a3d47f54c0f749dcf51270"}], "naslFamily": "Debian Local Security Checks", "modified": "2016-08-31T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=60497", "published": "2008-03-11T00:00:00", "enchantments": {}, "id": "OPENVAS:60497", "title": "Debian Security Advisory DSA 1512-1 (evolution)", "bulletinFamily": "scanner", "edition": 1, "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1512_1.nasl 3913 2016-08-31 08:01:39Z teissa $\n# Description: Auto-generated from advisory DSA 1512-1 (evolution)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf H\u00e4rnhammar discovered that Evolution, the e-mail and groupware suite,\nhad a format string vulnerability in the parsing of encrypted mail messages.\nIf the user opened a specially crafted email message, code execution was\npossible.\n\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.3-6etch2.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 2.0.4-2sarge3. Some architectures have not yet completed building\nthe updated package for sarge at this time, they will be added as they\ncome available.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.3-1.1.\n\nWe recommend that you upgrade your evolution package.\";\ntag_summary = \"The remote host is missing an update to evolution\nannounced via advisory DSA 1512-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201512-1\";\n\n\nif(description)\n{\n script_id(60497);\n script_version(\"$Revision: 3913 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-08-31 10:01:39 +0200 (Wed, 31 Aug 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-03-11 21:16:32 +0100 (Tue, 11 Mar 2008)\");\n script_cve_id(\"CVE-2008-0072\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1512-1 (evolution)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"HostDetails/OS/cpe:/o:debian:debian_linux\", \"login/SSH/success\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"evolution-dev\", ver:\"2.0.4-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution\", ver:\"2.0.4-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-common\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-dbg\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-plugins\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-dev\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-plugins-experimental\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "type": "openvas", "history": [], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2008-0072"], "lastseen": "2017-07-02T21:10:22", "pluginID": "60497"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2008-0072"], "lastseen": "2017-07-24T12:50:13", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1512_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1512-1 (evolution)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf H\u00e4rnhammar discovered that Evolution, the e-mail and groupware suite,\nhad a format string vulnerability in the parsing of encrypted mail messages.\nIf the user opened a specially crafted email message, code execution was\npossible.\n\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.3-6etch2.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 2.0.4-2sarge3. Some architectures have not yet completed building\nthe updated package for sarge at this time, they will be added as they\ncome available.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.3-1.1.\n\nWe recommend that you upgrade your evolution package.\";\ntag_summary = \"The remote host is missing an update to evolution\nannounced via advisory DSA 1512-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201512-1\";\n\n\nif(description)\n{\n script_id(60497);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-03-11 21:16:32 +0100 (Tue, 11 Mar 2008)\");\n script_cve_id(\"CVE-2008-0072\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 1512-1 (evolution)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"evolution-dev\", ver:\"2.0.4-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution\", ver:\"2.0.4-2sarge3\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-common\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-dbg\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-plugins\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-dev\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"evolution-plugins-experimental\", ver:\"2.6.3-6etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "pluginID": "60497"}
{"cve": [{"lastseen": "2019-05-29T18:09:24", "bulletinFamily": "NVD", "description": "Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.", "modified": "2018-10-15T21:57:00", "id": "CVE-2008-0072", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0072", "published": "2008-03-06T00:44:00", "title": "CVE-2008-0072", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-27T10:56:46", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-12T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=870024", "id": "OPENVAS:870024", "title": "RedHat Update for evolution RHSA-2008:0177-01", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for evolution RHSA-2008:0177-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is the GNOME collection of personal information management (PIM)\n tools.\n\n A format string flaw was found in the way Evolution displayed encrypted\n mail content. If a user opened a carefully crafted mail message, arbitrary\n code could be executed as the user running Evolution. (CVE-2008-0072)\n \n All users of Evolution should upgrade to these updated packages, which\n contain a backported patch which resolves this issue.\n \n Red Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\n and reporting this issue.\";\n\ntag_affected = \"evolution on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00001.html\");\n script_id(870024);\n script_version(\"$Revision: 6683 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:41:57 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0177-01\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"RedHat Update for evolution RHSA-2008:0177-01\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-debuginfo\", rpm:\"evolution-debuginfo~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28\", rpm:\"evolution28~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-debuginfo\", rpm:\"evolution28-debuginfo~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-devel\", rpm:\"evolution28-devel~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860841", "id": "OPENVAS:860841", "title": "Fedora Update for evolution FEDORA-2008-2290", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evolution FEDORA-2008-2290\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"evolution on Fedora 7\";\ntag_insight = \"Evolution is the GNOME mailer, calendar, contact manager and\n communications tool. The tools which make up Evolution will\n be tightly integrated with one another and act as a seamless\n personal information-management tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html\");\n script_id(860841);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-2290\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"Fedora Update for evolution FEDORA-2008-2290\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC7\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.10.3~8.fc7\", rls:\"FC7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-12-12T11:20:50", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-12-08T00:00:00", "published": "2009-01-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=850012", "id": "OPENVAS:850012", "title": "SuSE Update for evolution SUSE-SA:2008:014", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2008_014.nasl 8050 2017-12-08 09:34:29Z santu $\n#\n# SuSE Update for evolution SUSE-SA:2008:014\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is a personal information manager (PIM) and workgroup information\n management software.\n\n The function emf_multipart_encrypted() that is used to process encrypted\n messages is vulnerable to format-string bugs.\n This bug can be abused by a remote attacker to execute arbitrary code by\n sending a crafted encrypted eMail.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"evolution on SUSE LINUX 10.1, openSUSE 10.2, openSUSE 10.3, Novell Linux Desktop 9, SUSE Linux Enterprise Desktop 10 SP1, SLE SDK 10 SP1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850012);\n script_version(\"$Revision: 8050 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 10:34:29 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-01-23 16:44:26 +0100 (Fri, 23 Jan 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"SUSE-SA\", value: \"2008-014\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"SuSE Update for evolution SUSE-SA:2008:014\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE10.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.12.0~5.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.12.0~5.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.12.0~5.6\", rls:\"openSUSE10.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE10.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.8.2~9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.8.2~9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.8.2~9\", rls:\"openSUSE10.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDK10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.4~0.13\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.4~0.13\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.0.4~0.13\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.6.0~49.66.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.6.0~49.66.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.6.0~49.66.3\", rls:\"SLESDK10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"NLDk9\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.4~0.13\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.4~0.13\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.0.4~0.13\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.6.0~49.66.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.6.0~49.66.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.6.0~49.66.3\", rls:\"NLDk9\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SLESDk10SP1\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.4~0.13\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.4~0.13\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.0.4~0.13\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.6.0~49.66.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.6.0~49.66.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.6.0~49.66.3\", rls:\"SLESDk10SP1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"SL10.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.6.0~49.66.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.6.0~49.66.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.6.0~49.66.3\", rls:\"SL10.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:56:08", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-06T00:00:00", "published": "2009-04-09T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=830459", "id": "OPENVAS:830459", "title": "Mandriva Update for evolution MDVSA-2008:063 (evolution)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for evolution MDVSA-2008:063 (evolution)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Ulf Harnhammar of Secunia Research discovered a format string flaw\n in how Evolution displayed encrypted mail content. If a user were\n to open a carefully crafted email message, arbitrary code could be\n executed with the permissions of the user running Evolution.\n\n The updated packages have been patched to correct this issue.\";\n\ntag_affected = \"evolution on Mandriva Linux 2007.1,\n Mandriva Linux 2007.1/X86_64,\n Mandriva Linux 2008.0,\n Mandriva Linux 2008.0/X86_64\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.mandriva.com/security-announce/2008-03/msg00008.php\");\n script_id(830459);\n script_version(\"$Revision: 6568 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-06 15:04:21 +0200 (Thu, 06 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"MDVSA\", value: \"2008:063\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"Mandriva Update for evolution MDVSA-2008:063 (evolution)\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2007.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.10.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.10.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mono\", rpm:\"evolution-mono~2.10.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.10.2~2.2mdv2007.1\", rls:\"MNDK_2007.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2008.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.12.3~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.12.3~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-mono\", rpm:\"evolution-mono~2.12.3~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-pilot\", rpm:\"evolution-pilot~2.12.3~1.2mdv2008.0\", rls:\"MNDK_2008.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:00", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-10T00:00:00", "published": "2009-02-16T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=860023", "id": "OPENVAS:860023", "title": "Fedora Update for evolution FEDORA-2008-2292", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for evolution FEDORA-2008-2292\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"evolution on Fedora 8\";\ntag_insight = \"Evolution is the GNOME mailer, calendar, contact manager and\n communications tool. The tools which make up Evolution will\n be tightly integrated with one another and act as a seamless\n personal information-management tool.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html\");\n script_id(860023);\n script_version(\"$Revision: 6623 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:10:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-16 16:22:52 +0100 (Mon, 16 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"FEDORA\", value: \"2008-2292\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"Fedora Update for evolution FEDORA-2008-2292\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC8\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.12.3~3.fc8\", rls:\"FC8\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:59", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880101", "id": "OPENVAS:880101", "title": "CentOS Update for evolution CESA-2008:0177 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution CESA-2008:0177 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is the GNOME collection of personal information management (PIM)\n tools.\n\n A format string flaw was found in the way Evolution displayed encrypted\n mail content. If a user opened a carefully crafted mail message, arbitrary\n code could be executed as the user running Evolution. (CVE-2008-0072)\n \n All users of Evolution should upgrade to these updated packages, which\n contain a backported patch which resolves this issue.\n \n Red Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\n and reporting this issue.\";\n\ntag_affected = \"evolution on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014750.html\");\n script_id(880101);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0177\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"CentOS Update for evolution CESA-2008:0177 centos4 i386\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28\", rpm:\"evolution28~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-devel\", rpm:\"evolution28-devel~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:06", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2018-04-06T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310880101", "id": "OPENVAS:1361412562310880101", "title": "CentOS Update for evolution CESA-2008:0177 centos4 i386", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution CESA-2008:0177 centos4 i386\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is the GNOME collection of personal information management (PIM)\n tools.\n\n A format string flaw was found in the way Evolution displayed encrypted\n mail content. If a user opened a carefully crafted mail message, arbitrary\n code could be executed as the user running Evolution. (CVE-2008-0072)\n \n All users of Evolution should upgrade to these updated packages, which\n contain a backported patch which resolves this issue.\n \n Red Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\n and reporting this issue.\";\n\ntag_affected = \"evolution on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014750.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.880101\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0177\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"CentOS Update for evolution CESA-2008:0177 centos4 i386\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28\", rpm:\"evolution28~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-devel\", rpm:\"evolution28-devel~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-09T11:41:36", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2018-04-06T00:00:00", "published": "2009-03-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870024", "id": "OPENVAS:1361412562310870024", "type": "openvas", "title": "RedHat Update for evolution RHSA-2008:0177-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for evolution RHSA-2008:0177-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is the GNOME collection of personal information management (PIM)\n tools.\n\n A format string flaw was found in the way Evolution displayed encrypted\n mail content. If a user opened a carefully crafted mail message, arbitrary\n code could be executed as the user running Evolution. (CVE-2008-0072)\n \n All users of Evolution should upgrade to these updated packages, which\n contain a backported patch which resolves this issue.\n \n Red Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\n and reporting this issue.\";\n\ntag_affected = \"evolution on Red Hat Enterprise Linux AS version 4,\n Red Hat Enterprise Linux ES version 4,\n Red Hat Enterprise Linux WS version 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2008-March/msg00001.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870024\");\n script_version(\"$Revision: 9370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2008:0177-01\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"RedHat Update for evolution RHSA-2008:0177-01\");\n\n script_tag(name:\"summary\", value:\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_4\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-debuginfo\", rpm:\"evolution-debuginfo~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.2~35.0.4.el4_6.1\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28\", rpm:\"evolution28~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-debuginfo\", rpm:\"evolution28-debuginfo~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-devel\", rpm:\"evolution28-devel~2.8.0~53.el4_6.2\", rls:\"RHENT_4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:47", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200803-12.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=60515", "id": "OPENVAS:60515", "title": "Gentoo Security Advisory GLSA 200803-12 (evolution)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A format string error has been discovered in Evolution, possibly resulting\nin the execution of arbitrary code.\";\ntag_solution = \"All Evolution users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/evolution-2.12.3-r1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200803-12\nhttp://bugs.gentoo.org/show_bug.cgi?id=212272\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200803-12.\";\n\n \n\nif(description)\n{\n script_id(60515);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-0072\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200803-12 (evolution)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"mail-client/evolution\", unaffected: make_list(\"ge 2.12.3-r1\"), vulnerable: make_list(\"lt 2.12.3-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:48", "bulletinFamily": "scanner", "description": "Check for the Version of evolution", "modified": "2017-07-10T00:00:00", "published": "2009-02-27T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=880076", "id": "OPENVAS:880076", "title": "CentOS Update for evolution CESA-2008:0177 centos4 x86_64", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for evolution CESA-2008:0177 centos4 x86_64\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Evolution is the GNOME collection of personal information management (PIM)\n tools.\n\n A format string flaw was found in the way Evolution displayed encrypted\n mail content. If a user opened a carefully crafted mail message, arbitrary\n code could be executed as the user running Evolution. (CVE-2008-0072)\n \n All users of Evolution should upgrade to these updated packages, which\n contain a backported patch which resolves this issue.\n \n Red Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\n and reporting this issue.\";\n\ntag_affected = \"evolution on CentOS 4\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2008-March/014751.html\");\n script_id(880076);\n script_version(\"$Revision: 6651 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:45:21 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-27 08:36:45 +0100 (Fri, 27 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"CESA\", value: \"2008:0177\");\n script_cve_id(\"CVE-2008-0072\");\n script_name( \"CentOS Update for evolution CESA-2008:0177 centos4 x86_64\");\n\n script_summary(\"Check for the Version of evolution\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS4\")\n{\n\n if ((res = isrpmvuln(pkg:\"evolution\", rpm:\"evolution~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution-devel\", rpm:\"evolution-devel~2.0.2~35.0.4.el4_6.1\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28\", rpm:\"evolution28~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"evolution28-devel\", rpm:\"evolution28-devel~2.8.0~53.el4_6.2\", rls:\"CentOS4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2020-07-17T03:28:19", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2008:0177\n\n\nEvolution is the GNOME collection of personal information management (PIM)\r\ntools.\r\n\r\nA format string flaw was found in the way Evolution displayed encrypted\r\nmail content. If a user opened a carefully crafted mail message, arbitrary\r\ncode could be executed as the user running Evolution. (CVE-2008-0072)\r\n\r\nAll users of Evolution should upgrade to these updated packages, which\r\ncontain a backported patch which resolves this issue.\r\n\r\nRed Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\r\nand reporting this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026780.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026781.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026786.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026787.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026788.html\nhttp://lists.centos.org/pipermail/centos-announce/2008-March/026789.html\n\n**Affected packages:**\nevolution\nevolution-devel\nevolution28\nevolution28-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2008-0177.html", "modified": "2008-03-11T11:23:12", "published": "2008-03-05T19:23:46", "href": "http://lists.centos.org/pipermail/centos-announce/2008-March/026780.html", "id": "CESA-2008:0177", "title": "evolution, evolution28 security update", "type": "centos", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-08-01T05:25:55", "bulletinFamily": "scanner", "description": "This update of evolution fixes multiple format-string vulnerabilities\nthat can occur while processing encrypted messages. (CVE-2008-0072)", "modified": "2020-08-02T00:00:00", "id": "SUSE_EVOLUTION-5087.NASL", "href": "https://www.tenable.com/plugins/nessus/31454", "published": "2008-03-13T00:00:00", "title": "openSUSE 10 Security Update : evolution (evolution-5087)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update evolution-5087.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31454);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-0072\");\n\n script_name(english:\"openSUSE 10 Security Update : evolution (evolution-5087)\");\n script_summary(english:\"Check for the evolution-5087 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of evolution fixes multiple format-string vulnerabilities\nthat can occur while processing encrypted messages. (CVE-2008-0072)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evolution-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:evolution-pilot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1|SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1 / 10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"evolution-2.6.0-49.66.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"evolution-devel-2.6.0-49.66.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.1\", reference:\"evolution-pilot-2.6.0-49.66.3\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"evolution-2.8.2-9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"evolution-devel-2.8.2-9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.2\", reference:\"evolution-pilot-2.8.2-9\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"evolution-2.12.0-5.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"evolution-devel-2.12.0-5.6\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"evolution-pilot-2.12.0-5.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T03:22:50", "bulletinFamily": "scanner", "description": "Ulf Harnhammar of Secunia Research discovered a format string flaw in\nhow Evolution displayed encrypted mail content. If a user were to open\na carefully crafted email message, arbitrary code could be executed\nwith the permissions of the user running Evolution.\n\nThe updated packages have been patched to correct this issue.", "modified": "2020-08-02T00:00:00", "id": "MANDRIVA_MDVSA-2008-063.NASL", "href": "https://www.tenable.com/plugins/nessus/36634", "published": "2009-04-23T00:00:00", "title": "Mandriva Linux Security Advisory : evolution (MDVSA-2008:063)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2008:063. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36634);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:50\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_bugtraq_id(28102);\n script_xref(name:\"MDVSA\", value:\"2008:063\");\n\n script_name(english:\"Mandriva Linux Security Advisory : evolution (MDVSA-2008:063)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar of Secunia Research discovered a format string flaw in\nhow Evolution displayed encrypted mail content. If a user were to open\na carefully crafted email message, arbitrary code could be executed\nwith the permissions of the user running Evolution.\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution-mono\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution-pilot\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2008.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"evolution-2.10.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"evolution-devel-2.10.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"evolution-mono-2.10.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", reference:\"evolution-pilot-2.10.2-2.2mdv2007.1\", yank:\"mdv\")) flag++;\n\nif (rpm_check(release:\"MDK2008.0\", reference:\"evolution-2.12.3-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"evolution-devel-2.12.3-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"evolution-mono-2.12.3-1.2mdv2008.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2008.0\", reference:\"evolution-pilot-2.12.3-1.2mdv2008.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T01:35:26", "bulletinFamily": "scanner", "description": "Ulf Harnhammar of Secunia Research discovered a format string flaw in\nthe way Evolution displayed encrypted mail content. If a user opened a\ncarefully crafted mail message, arbitrary code could be executed as\nthe user running Evolution. (CVE-2008-0072)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "FEDORA_2008-2290.NASL", "href": "https://www.tenable.com/plugins/nessus/31374", "published": "2008-03-07T00:00:00", "title": "Fedora 7 : evolution-2.10.3-8.fc7 (2008-2290)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2290.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31374);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_bugtraq_id(28102);\n script_xref(name:\"FEDORA\", value:\"2008-2290\");\n\n script_name(english:\"Fedora 7 : evolution-2.10.3-8.fc7 (2008-2290)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar of Secunia Research discovered a format string flaw in\nthe way Evolution displayed encrypted mail content. If a user opened a\ncarefully crafted mail message, arbitrary code could be executed as\nthe user running Evolution. (CVE-2008-0072)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435759\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008529.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b0984e5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 7.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC7\", reference:\"evolution-2.10.3-8.fc7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T05:25:55", "bulletinFamily": "scanner", "description": "This update of evolution fixes multiple format-string vulnerabilities\nthat can occur while processing encrypted messages. (CVE-2008-0072)", "modified": "2020-08-02T00:00:00", "id": "SUSE_EVOLUTION-5086.NASL", "href": "https://www.tenable.com/plugins/nessus/31453", "published": "2008-03-13T00:00:00", "title": "SuSE 10 Security Update : evolution (ZYPP Patch Number 5086)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31453);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2019/10/25 13:36:32\");\n\n script_cve_id(\"CVE-2008-0072\");\n\n script_name(english:\"SuSE 10 Security Update : evolution (ZYPP Patch Number 5086)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of evolution fixes multiple format-string vulnerabilities\nthat can occur while processing encrypted messages. (CVE-2008-0072)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-0072.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5086.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"evolution-2.6.0-49.66.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"evolution-devel-2.6.0-49.66.3\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"evolution-pilot-2.6.0-49.66.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T01:17:28", "bulletinFamily": "scanner", "description": "Ulf Harnhammar discovered that Evolution, the e-mail and groupware\nsuite, had a format string vulnerability in the parsing of encrypted\nmail messages. If the user opened a specially crafted email message,\ncode execution was possible.", "modified": "2020-08-02T00:00:00", "id": "DEBIAN_DSA-1512.NASL", "href": "https://www.tenable.com/plugins/nessus/31359", "published": "2008-03-07T00:00:00", "title": "Debian DSA-1512-1 : evolution - format string attack", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1512. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31359);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:21\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_xref(name:\"DSA\", value:\"1512\");\n\n script_name(english:\"Debian DSA-1512-1 : evolution - format string attack\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar discovered that Evolution, the e-mail and groupware\nsuite, had a format string vulnerability in the parsing of encrypted\nmail messages. If the user opened a specially crafted email message,\ncode execution was possible.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2008/dsa-1512\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the evolution package.\n\nFor the stable distribution (etch), this problem has been fixed in\nversion 2.6.3-6etch2.\n\nFor the old stable distribution (sarge), this problem has been fixed\nin version 2.0.4-2sarge3. Some architectures have not yet completed\nbuilding the updated package for sarge, they will be added as they\ncome available.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"evolution\", reference:\"2.0.4-2sarge3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"evolution-dev\", reference:\"2.0.4-2sarge3\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution\", reference:\"2.6.3-6etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution-common\", reference:\"2.6.3-6etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution-dbg\", reference:\"2.6.3-6etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution-dev\", reference:\"2.6.3-6etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution-plugins\", reference:\"2.6.3-6etch2\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"evolution-plugins-experimental\", reference:\"2.6.3-6etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:22:34", "bulletinFamily": "scanner", "description": "Updated evolution packages that fix a format string bug are now\navailable for Red Hat Enterprise Linux 4.5 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nEvolution is the GNOME collection of personal information management\n(PIM) tools.\n\nA format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)\n\nAll users of Evolution should upgrade to these updated packages, which\ncontain a backported patch which resolves this issue.\n\nRed Hat would like to thank Ulf Harnhammar of Secunia Research for\nfinding and reporting this issue.", "modified": "2020-08-02T00:00:00", "id": "REDHAT-RHSA-2008-0178.NASL", "href": "https://www.tenable.com/plugins/nessus/63849", "published": "2013-01-24T00:00:00", "title": "RHEL 4 : evolution (RHSA-2008:0178)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0178. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(63849);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:13\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_xref(name:\"RHSA\", value:\"2008:0178\");\n\n script_name(english:\"RHEL 4 : evolution (RHSA-2008:0178)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated evolution packages that fix a format string bug are now\navailable for Red Hat Enterprise Linux 4.5 Extended Update Support.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nEvolution is the GNOME collection of personal information management\n(PIM) tools.\n\nA format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)\n\nAll users of Evolution should upgrade to these updated packages, which\ncontain a backported patch which resolves this issue.\n\nRed Hat would like to thank Ulf Harnhammar of Secunia Research for\nfinding and reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2008-0072.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2008-0178.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution and / or evolution-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:evolution-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", sp:\"5\", reference:\"evolution-2.0.2-35.0.4.el4_5.1\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"5\", reference:\"evolution-devel-2.0.2-35.0.4.el4_5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:51:29", "bulletinFamily": "scanner", "description": "A format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)", "modified": "2020-08-02T00:00:00", "id": "SL_20080305_EVOLUTION_ON_SL4_X.NASL", "href": "https://www.tenable.com/plugins/nessus/60369", "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(60369);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/25 13:36:17\");\n\n script_cve_id(\"CVE-2008-0072\");\n\n script_name(english:\"Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0803&L=scientific-linux-errata&T=0&P=329\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fd071d5e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution and / or evolution-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL4\", reference:\"evolution-2.0.2-35.0.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"SL4\", reference:\"evolution-devel-2.0.2-35.0.4.el4_6.1\")) flag++;\n\nif (rpm_check(release:\"SL5\", reference:\"evolution-2.8.0-40.el5_1.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"evolution-devel-2.8.0-40.el5_1.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T01:35:26", "bulletinFamily": "scanner", "description": "Ulf Harnhammar of Secunia Research discovered a format string flaw in\nthe way Evolution displayed encrypted mail content. If a user opened a\ncarefully crafted mail message, arbitrary code could be executed as\nthe user running Evolution. (CVE-2008-0072)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2020-08-02T00:00:00", "id": "FEDORA_2008-2292.NASL", "href": "https://www.tenable.com/plugins/nessus/31375", "published": "2008-03-07T00:00:00", "title": "Fedora 8 : evolution-2.12.3-3.fc8 (2008-2292)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2008-2292.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31375);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:27\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_bugtraq_id(28102);\n script_xref(name:\"FEDORA\", value:\"2008-2292\");\n\n script_name(english:\"Fedora 8 : evolution-2.12.3-3.fc8 (2008-2292)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Ulf Harnhammar of Secunia Research discovered a format string flaw in\nthe way Evolution displayed encrypted mail content. If a user opened a\ncarefully crafted mail message, arbitrary code could be executed as\nthe user running Evolution. (CVE-2008-0072)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=435759\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2008-March/008534.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?20bdce58\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 8.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC8\", reference:\"evolution-2.12.3-3.fc8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T02:25:22", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200803-12\n(Evolution: Format string vulnerability)\n\n Ulf Harnhammar from Secunia Research discovered a format string error\n in the emf_multipart_encrypted() function in the file mail/em-format.c\n when reading certain data (e.g. the ", "modified": "2020-08-02T00:00:00", "id": "GENTOO_GLSA-200803-12.NASL", "href": "https://www.tenable.com/plugins/nessus/31387", "published": "2008-03-07T00:00:00", "title": "GLSA-200803-12 : Evolution: Format string vulnerability", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200803-12.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(31387);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2019/08/02 13:32:44\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_xref(name:\"GLSA\", value:\"200803-12\");\n\n script_name(english:\"GLSA-200803-12 : Evolution: Format string vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200803-12\n(Evolution: Format string vulnerability)\n\n Ulf Harnhammar from Secunia Research discovered a format string error\n in the emf_multipart_encrypted() function in the file mail/em-format.c\n when reading certain data (e.g. the 'Version:' field) from an encrypted\n e-mail.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted\n encrypted e-mail, potentially resulting in the execution of arbitrary\n code with the privileges of the user running Evolution.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200803-12\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Evolution users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=mail-client/evolution-2.12.3-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/03/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"mail-client/evolution\", unaffected:make_list(\"ge 2.12.3-r1\"), vulnerable:make_list(\"lt 2.12.3-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Evolution\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-08-01T04:11:00", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2008:0177 :\n\nUpdated evolution packages that fix a format string bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nEvolution is the GNOME collection of personal information management\n(PIM) tools.\n\nA format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)\n\nAll users of Evolution should upgrade to these updated packages, which\ncontain a backported patch which resolves this issue.\n\nRed Hat would like to thank Ulf Harnhammar of Secunia Research for\nfinding and reporting this issue.", "modified": "2020-08-02T00:00:00", "id": "ORACLELINUX_ELSA-2008-0177.NASL", "href": "https://www.tenable.com/plugins/nessus/67667", "published": "2013-07-12T00:00:00", "title": "Oracle Linux 4 : evolution (ELSA-2008-0177)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2008:0177 and \n# Oracle Linux Security Advisory ELSA-2008-0177 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67667);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/25 13:36:07\");\n\n script_cve_id(\"CVE-2008-0072\");\n script_bugtraq_id(28102);\n script_xref(name:\"RHSA\", value:\"2008:0177\");\n\n script_name(english:\"Oracle Linux 4 : evolution (ELSA-2008-0177)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2008:0177 :\n\nUpdated evolution packages that fix a format string bug are now\navailable for Red Hat Enterprise Linux 4 and 5.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nEvolution is the GNOME collection of personal information management\n(PIM) tools.\n\nA format string flaw was found in the way Evolution displayed\nencrypted mail content. If a user opened a carefully crafted mail\nmessage, arbitrary code could be executed as the user running\nEvolution. (CVE-2008-0072)\n\nAll users of Evolution should upgrade to these updated packages, which\ncontain a backported patch which resolves this issue.\n\nRed Hat would like to thank Ulf Harnhammar of Secunia Research for\nfinding and reporting this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2008-March/000534.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected evolution packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(134);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution28\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:evolution28-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"evolution-2.0.2-35.0.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"evolution-2.0.2-35.0.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"evolution-devel-2.0.2-35.0.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"evolution-devel-2.0.2-35.0.4.el4_6.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"evolution28-2.8.0-53.el4_6.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"evolution28-2.8.0-53.el4_6.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"evolution28-devel-2.8.0-53.el4_6.2.0.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"evolution28-devel-2.8.0-53.el4_6.2.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"evolution / evolution-devel / evolution28 / evolution28-devel\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:20", "bulletinFamily": "unix", "description": " evolution-2.0.2-35.0.4.el4_6.1:\n \n [2.0.2-35.0.4.el4.1]\n - Add patch for RH bug #435797 (format string vulnerability).\n \n evolution28-2.8.0-53.el4_6.2.0.1:\n \n [2.8.0-53.el4_6.2.0.1]\n - Comment evolution-2.8.0-red-hat-branding.patch to make evolution as \n vendor neutral\n \n [2.8.0-53.el4_6.2]\n - Fix hardcoded %dist tag for RHEL4_6-Z.\n \n [2.8.0-53.el4_6.1]\n - Add patch for RH bug #435801 (format string vulnerability). ", "modified": "2008-03-05T00:00:00", "published": "2008-03-05T00:00:00", "id": "ELSA-2008-0177", "href": "http://linux.oracle.com/errata/ELSA-2008-0177.html", "title": "Critical: evolution security update ", "type": "oraclelinux", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-07-09T00:30:05", "bulletinFamily": "unix", "description": "Ulf Harnhammar discovered that Evolution did not correctly handle format \nstrings when processing encrypted emails. A remote attacker could exploit \nthis by sending a specially crafted email, resulting in arbitrary code \nexecution.", "modified": "2008-03-05T00:00:00", "published": "2008-03-05T00:00:00", "id": "USN-583-1", "href": "https://ubuntu.com/security/notices/USN-583-1", "title": "Evolution vulnerability", "type": "ubuntu", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:35:11", "bulletinFamily": "unix", "description": "Evolution is a personal information manager (PIM) and workgroup information management software.\n#### Solution\nNo work-around. Please install the current security update package.", "modified": "2008-03-14T10:18:34", "published": "2008-03-14T10:18:34", "id": "SUSE-SA:2008:014", "href": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html", "title": "remote code execution in evolution", "type": "suse", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "description": "### Background\n\nEvolution is a GNOME groupware application. \n\n### Description\n\nUlf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the \"Version:\" field) from an encrypted e-mail. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted encrypted e-mail, potentially resulting in the execution of arbitrary code with the privileges of the user running Evolution. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Evolution users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=mail-client/evolution-2.12.3-r1\"", "modified": "2008-03-05T00:00:00", "published": "2008-03-05T00:00:00", "id": "GLSA-200803-12", "href": "https://security.gentoo.org/glsa/200803-12", "type": "gentoo", "title": "Evolution: Format string vulnerability", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:47:06", "bulletinFamily": "unix", "description": "Evolution is the GNOME collection of personal information management (PIM)\r\ntools.\r\n\r\nA format string flaw was found in the way Evolution displayed encrypted\r\nmail content. If a user opened a carefully crafted mail message, arbitrary\r\ncode could be executed as the user running Evolution. (CVE-2008-0072)\r\n\r\nAll users of Evolution should upgrade to these updated packages, which\r\ncontain a backported patch which resolves this issue.\r\n\r\nRed Hat would like to thank Ulf Harnhammar of Secunia Research for finding\r\nand reporting this issue.", "modified": "2017-09-08T12:19:35", "published": "2008-03-05T05:00:00", "id": "RHSA-2008:0178", "href": "https://access.redhat.com/errata/RHSA-2008:0178", "type": "redhat", "title": "(RHSA-2008:0178) Critical: evolution security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:47:04", "bulletinFamily": "unix", "description": "Evolution is the GNOME collection of personal information management (PIM)\r\ntools.\r\n\r\nA format string flaw was found in the way Evolution displayed encrypted\r\nmail content. If a user opened a carefully crafted mail message, arbitrary\r\ncode could be executed as the user running Evolution. (CVE-2008-0072)\r\n\r\nAll users of Evolution should upgrade to these updated packages, which\r\ncontain a backported patch which resolves this issue.\r\n\r\nRed Hat would like to thank Ulf H\u00e4rnhammar of Secunia Research for finding\r\nand reporting this issue.", "modified": "2017-09-08T12:10:57", "published": "2008-03-05T05:00:00", "id": "RHSA-2008:0177", "href": "https://access.redhat.com/errata/RHSA-2008:0177", "type": "redhat", "title": "(RHSA-2008:0177) Critical: evolution security update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:28", "bulletinFamily": "software", "description": "Format string vulnerability on encrypted mail parsing.", "modified": "2008-03-05T00:00:00", "published": "2008-03-05T00:00:00", "id": "SECURITYVULNS:VULN:8753", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8753", "title": "Evolution format string vulnerability", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:10:25", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- ------------------------------------------------------------------------\r\nDebian Security Advisory DSA-1512-1 security@debian.org\r\nhttp://www.debian.org/security/ Thijs Kinkhorst\r\nMarch 05, 2008 http://www.debian.org/security/faq\r\n- ------------------------------------------------------------------------\r\n\r\nPackage : evolution\r\nVulnerability : format string attack\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE Id(s) : CVE-2008-0072\r\n\r\nUlf HÃ\u00a4rnhammar discovered that Evolution, the e-mail and groupware suite,\r\nhad a format string vulnerability in the parsing of encrypted mail messages.\r\nIf the user opened a specially crafted email message, code execution was\r\npossible.\r\n\r\nFor the stable distribution (etch), this problem has been fixed in version\r\n2.6.3-6etch2.\r\n\r\nFor the old stable distribution (sarge), this problem has been fixed in\r\nversion 2.0.4-2sarge3. Some architectures have not yet completed building\r\nthe updated package for sarge at this time, they will be added as they\r\ncome available.\r\n\r\nFor the unstable distribution (sid), this problem has been fixed in\r\nversion 2.12.3-1.1.\r\n\r\nWe recommend that you upgrade your evolution package.\r\n\r\nUpgrade instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given below:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 3.1 alias sarge\r\n- --------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz\r\n Size/MD5 checksum: 294256 892634ed1c28416dea721a0ee1374d84\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc\r\n Size/MD5 checksum: 1459 e4a9b6f334108cae7550c9a0953e8e2b\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz\r\n Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb\r\n Size/MD5 checksum: 160454 b6f68df817e14a3c52422e4f0e810bd3\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb\r\n Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb\r\n Size/MD5 checksum: 160482 947be2b50da1219d1cbcf9dab63b2280\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb\r\n Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb\r\n Size/MD5 checksum: 160482 5b6f5d955d309e47fea09e97b24d7d58\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb\r\n Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb\r\n Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb\r\n Size/MD5 checksum: 160440 8887e35cc887febad15f9b6cf08694fe\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb\r\n Size/MD5 checksum: 160488 6c9a8ba39a6bab1a47dd1da8e99a5205\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb\r\n Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb\r\n Size/MD5 checksum: 160438 a6e0c9b90c90b6815fd607899aeb7583\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb\r\n Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\nSource archives:\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz\r\n Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc\r\n Size/MD5 checksum: 2269 25a2e18e12a838535c3fd74525696fa0\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz\r\n Size/MD5 checksum: 37993 5f7815f2c6a24f3a0c940d773cca8fb1\r\n\r\nArchitecture independent packages:\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb\r\n Size/MD5 checksum: 10107778 003176253e4c0d64c2789c08b6dd66e9\r\n\r\namd64 architecture (AMD x86_64 (AMD64))\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb\r\n Size/MD5 checksum: 6503088 80524049752431123c6e6cc215fed088\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb\r\n Size/MD5 checksum: 2572362 40c3491023cc6a44c28b44b677469770\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb\r\n Size/MD5 checksum: 118116 91367407df721cef2eb5b31f13dad521\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb\r\n Size/MD5 checksum: 220264 af212fee26d899114ec8c0d636af9ea4\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb\r\n Size/MD5 checksum: 94940 4f1bb7f6f1586967d2f7fc238845fdc6\r\n\r\narm architecture (ARM)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb\r\n Size/MD5 checksum: 219254 01a4c8c4bc2b7821de6659b20e92a0e5\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb\r\n Size/MD5 checksum: 6190146 4b26686b063745de28647836fed2ea90\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb\r\n Size/MD5 checksum: 2255242 1b74f4a729f808034495f526423c7ea1\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb\r\n Size/MD5 checksum: 91264 fadd3bb75f6f420f017d1877e4e77e44\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb\r\n Size/MD5 checksum: 110838 6f83e99f96620005fd227f57e68af487\r\n\r\nhppa architecture (HP PA RISC)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb\r\n Size/MD5 checksum: 213782 f1009fafa12fad8814aa0b5ad50bf47c\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb\r\n Size/MD5 checksum: 6436462 11af4dbe53e3f1e4780b35caeacf72fb\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb\r\n Size/MD5 checksum: 2857208 f01092a233b3b928e3ff9f12bc335bf6\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb\r\n Size/MD5 checksum: 120516 13a1fbcb74d8beec5d64dace004888a7\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb\r\n Size/MD5 checksum: 95580 6cdbe3107c91d2801e30c97436e90aa4\r\n\r\ni386 architecture (Intel ia32)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb\r\n Size/MD5 checksum: 2408778 318c10977b3163005ce86d25a6fbbd5d\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb\r\n Size/MD5 checksum: 218838 e8507655153c209a3bfb11e65e5d9d6d\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb\r\n Size/MD5 checksum: 92168 5a9902f58745a70017af6a8be0781bb3\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb\r\n Size/MD5 checksum: 113690 ffb524935d65cc5b57a7eb3b24899a3e\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb\r\n Size/MD5 checksum: 6143092 3556d0ebf225180e0cfa0f8e61bcbb1e\r\n\r\nia64 architecture (Intel ia64)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb\r\n Size/MD5 checksum: 129792 372c5de0189470c2dd091641ccbc1800\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb\r\n Size/MD5 checksum: 3419898 d2209d01f85549fb3138132429cc0314\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb\r\n Size/MD5 checksum: 99694 e35321d55a12521b6bcd572ed48e325b\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb\r\n Size/MD5 checksum: 213738 60ccb4b7a99438004ce57b42be023f76\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb\r\n Size/MD5 checksum: 6137762 84e1478a41d2a863b2e84167818142e3\r\n\r\nmips architecture (MIPS (Big Endian))\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb\r\n Size/MD5 checksum: 220670 8a620eb5ec5247f56eef3094d1f9d2b7\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb\r\n Size/MD5 checksum: 6615710 902001a21b48fd095880a4e16f521ee7\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb\r\n Size/MD5 checksum: 93276 320b39a0c683153dc68f9226cc29e95d\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb\r\n Size/MD5 checksum: 2352486 bbe1b44420951fe0e407f358d67a0a24\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb\r\n Size/MD5 checksum: 113280 dc1fac2d857056eb66ca850dd701b8f6\r\n\r\nmipsel architecture (MIPS (Little Endian))\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb\r\n Size/MD5 checksum: 92556 9a037a486b3deac0132f225bcabaaee7\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb\r\n Size/MD5 checksum: 213808 ad12c34cf25c343b4bb5bc1a1ec5c270\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb\r\n Size/MD5 checksum: 2334122 a3a70c83bc51aa54fe6f14548ca63501\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb\r\n Size/MD5 checksum: 112320 c7510452c2552b185a9d4eccc0811db2\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb\r\n Size/MD5 checksum: 6484920 57d9d7045ddb263e696cb6717511e355\r\n\r\npowerpc architecture (PowerPC)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb\r\n Size/MD5 checksum: 125054 725fed9a64daced20fd78bdfbe475f5a\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb\r\n Size/MD5 checksum: 2465966 0adffc6510e079277208350f555f1f63\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb\r\n Size/MD5 checksum: 6513716 66c59b08db75c184018ce915b1e1232a\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb\r\n Size/MD5 checksum: 213790 4a6ffd87ebc1c8523986e79b2beb50c1\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb\r\n Size/MD5 checksum: 99302 3f5b40706aae46d7c0620bf02a6df66c\r\n\r\ns390 architecture (IBM S/390)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb\r\n Size/MD5 checksum: 213726 249fda940d16912cc17fb5d3c0ff1fcd\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb\r\n Size/MD5 checksum: 6397416 9aa410ab707a207d56000a97235a98b5\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb\r\n Size/MD5 checksum: 2691100 61a7c41104aded19357ad64f1b05369c\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb\r\n Size/MD5 checksum: 94272 07cbb34ce382829898fbd57c0b794529\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb\r\n Size/MD5 checksum: 118362 1be4d726b78ad9efab9a16b4a2ea95cf\r\n\r\nsparc architecture (Sun SPARC/UltraSPARC)\r\n\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb\r\n Size/MD5 checksum: 111248 b23db7090cc78d9be75a38c4214c94ee\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb\r\n Size/MD5 checksum: 6018682 22883c64d15fd48d06e94ff47f6c85a9\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb\r\n Size/MD5 checksum: 91462 7b506ec24eb68f91642d0d33d670bfbd\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb\r\n Size/MD5 checksum: 2375358 8b97ebe934f59044c72dcce69f7f12db\r\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb\r\n Size/MD5 checksum: 213794 2e3bb50d5485dc3979cd07bcc7090cc9\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niQEVAwUBR86xJWz0hbPcukPfAQLq1wf/c6tLwJQv+HwPtHQYnYYC6rJ6ceYjMtZ7\r\nxCGX/TpWnrkEuUCRhdztiAwD4GIZ8NS4LpIa0Dqep+30OhgOggz/DNa0rFin09C7\r\ngD55GOVMLHtDaMauJ4+A1wL5HM2tGt9ItnLHuN3Mii9LmNYkyDILFySUOuVqLE3W\r\nj01YKE65TJ21808gkxYwsvSGdpdTHznJRZs5aTkNBJtSUr0KJjaTzpupwzxSV5qQ\r\n9HNU8tIZXsFJrmW2zNJYHQF4yAy9k+u/4Lh/IpMlZhL58OB7a3AjH9GkiZYURGNP\r\n+S2U/NipW/52ezFaFBTempkbWobAeY6QB/Maf4KnitumsfBa2fyFUg==\r\n=FNuj\r\n-----END PGP SIGNATURE-----", "modified": "2008-03-05T00:00:00", "published": "2008-03-05T00:00:00", "id": "SECURITYVULNS:DOC:19344", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19344", "title": "[SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution", "type": "securityvulns", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "debian": [{"lastseen": "2019-05-30T02:22:37", "bulletinFamily": "unix", "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1512-1 security@debian.org\nhttp://www.debian.org/security/ Thijs Kinkhorst\nMarch 05, 2008 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : evolution\nVulnerability : format string attack\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2008-0072\n\nUlf H\u00c3\u00a4rnhammar discovered that Evolution, the e-mail and groupware suite,\nhad a format string vulnerability in the parsing of encrypted mail messages.\nIf the user opened a specially crafted email message, code execution was\npossible.\n\nFor the stable distribution (etch), this problem has been fixed in version\n2.6.3-6etch2.\n\nFor the old stable distribution (sarge), this problem has been fixed in\nversion 2.0.4-2sarge3. Some architectures have not yet completed building\nthe updated package for sarge at this time, they will be added as they\ncome available.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.12.3-1.1.\n\nWe recommend that you upgrade your evolution package.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.diff.gz\n Size/MD5 checksum: 294256 892634ed1c28416dea721a0ee1374d84\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3.dsc\n Size/MD5 checksum: 1459 e4a9b6f334108cae7550c9a0953e8e2b\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4.orig.tar.gz\n Size/MD5 checksum: 20968383 d555a0b1d56f0f0b9c33c35b057f73e6\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_amd64.deb\n Size/MD5 checksum: 160454 b6f68df817e14a3c52422e4f0e810bd3\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_amd64.deb\n Size/MD5 checksum: 10447584 94e37843d38106635045906d58bd9386\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_hppa.deb\n Size/MD5 checksum: 160482 947be2b50da1219d1cbcf9dab63b2280\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_hppa.deb\n Size/MD5 checksum: 10596054 be4f110f1d50077b53e013d2824cc1d4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_i386.deb\n Size/MD5 checksum: 160482 5b6f5d955d309e47fea09e97b24d7d58\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_i386.deb\n Size/MD5 checksum: 10228974 6c38e3e691756beccd1ccfdba259d2a8\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_ia64.deb\n Size/MD5 checksum: 11419604 c99bb84c7a074900400e59de2b10dcce\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_ia64.deb\n Size/MD5 checksum: 160440 8887e35cc887febad15f9b6cf08694fe\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_powerpc.deb\n Size/MD5 checksum: 160488 6c9a8ba39a6bab1a47dd1da8e99a5205\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_powerpc.deb\n Size/MD5 checksum: 10286504 7f5d4b747a51e9c72d1114f9bcf6a209\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.0.4-2sarge3_s390.deb\n Size/MD5 checksum: 160438 a6e0c9b90c90b6815fd607899aeb7583\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.0.4-2sarge3_s390.deb\n Size/MD5 checksum: 10638988 f10525a9b20cc799c0e000c3e81738ab\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3.orig.tar.gz\n Size/MD5 checksum: 17176288 7af880364d53b18ba72b1f85f3813c81\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.dsc\n Size/MD5 checksum: 2269 25a2e18e12a838535c3fd74525696fa0\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2.diff.gz\n Size/MD5 checksum: 37993 5f7815f2c6a24f3a0c940d773cca8fb1\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-common_2.6.3-6etch2_all.deb\n Size/MD5 checksum: 10107778 003176253e4c0d64c2789c08b6dd66e9\n\namd64 architecture (AMD x86_64 (AMD64))\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_amd64.deb\n Size/MD5 checksum: 6503088 80524049752431123c6e6cc215fed088\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_amd64.deb\n Size/MD5 checksum: 2572362 40c3491023cc6a44c28b44b677469770\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_amd64.deb\n Size/MD5 checksum: 118116 91367407df721cef2eb5b31f13dad521\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_amd64.deb\n Size/MD5 checksum: 220264 af212fee26d899114ec8c0d636af9ea4\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_amd64.deb\n Size/MD5 checksum: 94940 4f1bb7f6f1586967d2f7fc238845fdc6\n\narm architecture (ARM)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_arm.deb\n Size/MD5 checksum: 219254 01a4c8c4bc2b7821de6659b20e92a0e5\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_arm.deb\n Size/MD5 checksum: 6190146 4b26686b063745de28647836fed2ea90\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_arm.deb\n Size/MD5 checksum: 2255242 1b74f4a729f808034495f526423c7ea1\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_arm.deb\n Size/MD5 checksum: 91264 fadd3bb75f6f420f017d1877e4e77e44\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_arm.deb\n Size/MD5 checksum: 110838 6f83e99f96620005fd227f57e68af487\n\nhppa architecture (HP PA RISC)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_hppa.deb\n Size/MD5 checksum: 213782 f1009fafa12fad8814aa0b5ad50bf47c\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_hppa.deb\n Size/MD5 checksum: 6436462 11af4dbe53e3f1e4780b35caeacf72fb\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_hppa.deb\n Size/MD5 checksum: 2857208 f01092a233b3b928e3ff9f12bc335bf6\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_hppa.deb\n Size/MD5 checksum: 120516 13a1fbcb74d8beec5d64dace004888a7\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_hppa.deb\n Size/MD5 checksum: 95580 6cdbe3107c91d2801e30c97436e90aa4\n\ni386 architecture (Intel ia32)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_i386.deb\n Size/MD5 checksum: 2408778 318c10977b3163005ce86d25a6fbbd5d\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_i386.deb\n Size/MD5 checksum: 218838 e8507655153c209a3bfb11e65e5d9d6d\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_i386.deb\n Size/MD5 checksum: 92168 5a9902f58745a70017af6a8be0781bb3\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_i386.deb\n Size/MD5 checksum: 113690 ffb524935d65cc5b57a7eb3b24899a3e\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_i386.deb\n Size/MD5 checksum: 6143092 3556d0ebf225180e0cfa0f8e61bcbb1e\n\nia64 architecture (Intel ia64)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_ia64.deb\n Size/MD5 checksum: 129792 372c5de0189470c2dd091641ccbc1800\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_ia64.deb\n Size/MD5 checksum: 3419898 d2209d01f85549fb3138132429cc0314\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_ia64.deb\n Size/MD5 checksum: 99694 e35321d55a12521b6bcd572ed48e325b\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_ia64.deb\n Size/MD5 checksum: 213738 60ccb4b7a99438004ce57b42be023f76\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_ia64.deb\n Size/MD5 checksum: 6137762 84e1478a41d2a863b2e84167818142e3\n\nmips architecture (MIPS (Big Endian))\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mips.deb\n Size/MD5 checksum: 220670 8a620eb5ec5247f56eef3094d1f9d2b7\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mips.deb\n Size/MD5 checksum: 6615710 902001a21b48fd095880a4e16f521ee7\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mips.deb\n Size/MD5 checksum: 93276 320b39a0c683153dc68f9226cc29e95d\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mips.deb\n Size/MD5 checksum: 2352486 bbe1b44420951fe0e407f358d67a0a24\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mips.deb\n Size/MD5 checksum: 113280 dc1fac2d857056eb66ca850dd701b8f6\n\nmipsel architecture (MIPS (Little Endian))\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_mipsel.deb\n Size/MD5 checksum: 92556 9a037a486b3deac0132f225bcabaaee7\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_mipsel.deb\n Size/MD5 checksum: 213808 ad12c34cf25c343b4bb5bc1a1ec5c270\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_mipsel.deb\n Size/MD5 checksum: 2334122 a3a70c83bc51aa54fe6f14548ca63501\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_mipsel.deb\n Size/MD5 checksum: 112320 c7510452c2552b185a9d4eccc0811db2\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_mipsel.deb\n Size/MD5 checksum: 6484920 57d9d7045ddb263e696cb6717511e355\n\npowerpc architecture (PowerPC)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_powerpc.deb\n Size/MD5 checksum: 125054 725fed9a64daced20fd78bdfbe475f5a\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_powerpc.deb\n Size/MD5 checksum: 2465966 0adffc6510e079277208350f555f1f63\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_powerpc.deb\n Size/MD5 checksum: 6513716 66c59b08db75c184018ce915b1e1232a\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_powerpc.deb\n Size/MD5 checksum: 213790 4a6ffd87ebc1c8523986e79b2beb50c1\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_powerpc.deb\n Size/MD5 checksum: 99302 3f5b40706aae46d7c0620bf02a6df66c\n\ns390 architecture (IBM S/390)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_s390.deb\n Size/MD5 checksum: 213726 249fda940d16912cc17fb5d3c0ff1fcd\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_s390.deb\n Size/MD5 checksum: 6397416 9aa410ab707a207d56000a97235a98b5\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_s390.deb\n Size/MD5 checksum: 2691100 61a7c41104aded19357ad64f1b05369c\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_s390.deb\n Size/MD5 checksum: 94272 07cbb34ce382829898fbd57c0b794529\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_s390.deb\n Size/MD5 checksum: 118362 1be4d726b78ad9efab9a16b4a2ea95cf\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins_2.6.3-6etch2_sparc.deb\n Size/MD5 checksum: 111248 b23db7090cc78d9be75a38c4214c94ee\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dbg_2.6.3-6etch2_sparc.deb\n Size/MD5 checksum: 6018682 22883c64d15fd48d06e94ff47f6c85a9\n http://security.debian.org/pool/updates/main/e/evolution/evolution-plugins-experimental_2.6.3-6etch2_sparc.deb\n Size/MD5 checksum: 91462 7b506ec24eb68f91642d0d33d670bfbd\n http://security.debian.org/pool/updates/main/e/evolution/evolution_2.6.3-6etch2_sparc.deb\n Size/MD5 checksum: 2375358 8b97ebe934f59044c72dcce69f7f12db\n http://security.debian.org/pool/updates/main/e/evolution/evolution-dev_2.6.3-6etch2_sparc.deb\n Size/MD5 checksum: 213794 2e3bb50d5485dc3979cd07bcc7090cc9\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2008-03-05T14:43:55", "published": "2008-03-05T14:43:55", "id": "DEBIAN:DSA-1512-1:29E07", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2008/msg00076.html", "title": "[SECURITY] [DSA 1512-1] New evolution packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cert": [{"lastseen": "2020-07-02T15:59:14", "bulletinFamily": "info", "description": "### Overview \n\nThe GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code.\n\n### Description \n\nEvolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.\n\nFrom Secunia Advisory [SA29057](<http://secunia.com/advisories/29057/>): \n_A format string error in the \"emf_multipart_encrypted()\" function in mail/em-format.c when displaying data (e.g. the \"Version:\" field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message. \n \nSuccessful exploitation requires that the user selects a malicious e-mail message._ \n \n \n--- \n \n### Impact \n\nA remote, unauthenticated attacker may be able to execute arbitrary code or cause Evolution to crash. \n \n--- \n \n### Solution \n\n**Upgrade**\n\nThe Evolution team has released a patch to address this issue. See GNOME Bug [520745](<http://bugzilla.gnome.org/show_bug.cgi?id=520745>) for more information. Users and administrators who do not compile Evolution from source should obtain fixed software from their operating system vendor. \n \n--- \n \n### Vendor Information\n\n512491\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Debian GNU/Linux Affected\n\nUpdated: March 07, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### GNOME __ Affected\n\nUpdated: March 07, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://bugzilla.gnome.org/show_bug.cgi?id=520745> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23512491 Feedback>).\n\n### Gentoo Linux __ Affected\n\nUpdated: March 07, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.gentoo.org/security/en/glsa/glsa-200803-12.xml> for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23512491 Feedback>).\n\n### Red Hat, Inc. __ Affected\n\nUpdated: March 07, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <https://rhn.redhat.com/errata/RHSA-2008-0177.html> for more information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23512491 Feedback>).\n\n### Ubuntu __ Affected\n\nUpdated: March 07, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nSee <http://www.ubuntu.com/usn/usn-583-1> for more information.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23512491 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://bugzilla.gnome.org/show_bug.cgi?id=520745>\n * <http://secunia.com/advisories/29057/>\n * <http://secunia.com/secunia_research/2008-8/advisory/>\n * [http://bugzilla.gnome.org/attachment.cgi?id=106681&action=view](<http://bugzilla.gnome.org/attachment.cgi?id=106681&action=view>)\n * <https://www.securecoding.cert.org/confluence/x/WwE>\n\n### Acknowledgements\n\nThis vulnerability was made public by Ulf Harnhammar of Secunia Research.\n\nThis document was written by Ryan Giobbi.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-0072](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0072>) \n---|--- \n**Severity Metric:** | 1.80 \n**Date Public:** | 2008-03-05 \n**Date First Published:** | 2008-03-07 \n**Date Last Updated: ** | 2008-03-07 14:46 UTC \n**Document Revision: ** | 23 \n", "modified": "2008-03-07T14:46:00", "published": "2008-03-07T00:00:00", "id": "VU:512491", "href": "https://www.kb.cert.org/vuls/id/512491", "type": "cert", "title": "GNOME Evolution format string vulnerability", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
