GTKHTML Malformed HTML Document DoS

2003-09-09T10:22:52
ID OSVDB:2147
Type osvdb
Reporter OSVDB
Modified 2003-09-09T10:22:52

Description

Vulnerability Description

Red Hat has reported a vulnerability in GtkHTML, which can be exploited by malicious people to cause a DoS (Denial of Service) on Evolution.

Technical Description

The vulnerability is caused by a NULL pointer dereference when handling certain HTML documents. It can be exploited by sending a specially crafted HTML document to a user, which causes the Evolution mail component to crash.

Solution Description

Update packages:

-- Red Hat Linux 7.3 --

SRPMS: ftp://updates.redhat.com/7.3/en/os/SRPMS/gtkhtml-1.0.2-1.1.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/gtkhtml-1.0.2-1.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/gtkhtml-devel-1.0.2-1.1.i386.rpm

-- Red Hat Linux 8.0 --

SRPMS: ftp://updates.redhat.com/8.0/en/os/SRPMS/gtkhtml-1.0.4-3.1.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/gtkhtml-1.0.4-3.1.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/gtkhtml-devel-1.0.4-3.1.i386.rpm

-- Red Hat Linux 9 --

SRPMS: ftp://updates.redhat.com/9/en/os/SRPMS/gtkhtml-1.1.9-0.9.1.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/gtkhtml-1.1.9-0.9.1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/gtkhtml-devel-1.1.9-0.9.1.i386.rpm

References:

Secunia Advisory ID: 9699
Secunia Advisory ID: 15001
RedHat RHSA: RHSA-2003-264
Other Advisory URL: http://www.debian.org/security/2005/dsa-710
CVE-2003-0541
Bugtraq ID: 7350