evolution malicious server arbitrary code execution

🗓️ 25 Jun 2007 13:39:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Evolution mailer camel-imap-folder.c allows remote code execution via negative SEQUENCE in GData.

Reporter	Title	Published	Views	Family All 63
FreeBSD	evolution-data-server -- remote execution of arbitrary code vulnerability	23 Jun 200700:00	–	freebsd
Tenable Nessus	CentOS 3 / 4 : evolution (CESA-2007:0509)	27 Jun 200700:00	–	nessus
Tenable Nessus	CentOS 5 : evolution-data-server (CESA-2007:0510)	27 Jun 200700:00	–	nessus
Tenable Nessus	Debian DSA-1321-1 : evolution-data-server - programming error	29 Jun 200700:00	–	nessus
Tenable Nessus	Debian DSA-1325-1 : evolution - several vulnerabilities	10 Jul 200700:00	–	nessus
Tenable Nessus	FreeBSD : evolution-data-server -- remote execution of arbitrary code vulnerability (b1b5c125-2308-11dc-b91a-001921ab2fa4)	27 Jun 200700:00	–	nessus
Tenable Nessus	GLSA-200707-03 : Evolution: User-assisted remote execution of arbitrary code	3 Jul 200700:00	–	nessus
Tenable Nessus	GLSA-200711-04 : Evolution: User-assisted remote execution of arbitrary code	7 Nov 200700:00	–	nessus
Tenable Nessus	Mandrake Linux Security Advisory : evolution (MDKSA-2007:136)	27 Jun 200700:00	–	nessus
Tenable Nessus	Oracle Linux 3 / 4 : evolution (ELSA-2007-0509)	12 Jul 201300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	5	i386	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.i386.rpm
Red Hat Enterprise Linux	5	ia64	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.ia64.rpm
Red Hat Enterprise Linux	5	ppc	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.ppc.rpm
Red Hat Enterprise Linux	5	ppc64	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.ppc64.rpm
Red Hat Enterprise Linux	5	s390	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.s390.rpm
Red Hat Enterprise Linux	5	s390x	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.s390x.rpm
Red Hat Enterprise Linux	5	x86_64	evolution-data-server	0:1.8.0-15.0.4.el5	evolution-data-server-0:1.8.0-15.0.4.el5.x86_64.rpm
Red Hat Enterprise Linux	5	i386	evolution-data-server-debuginfo	0:1.8.0-15.0.4.el5	evolution-data-server-debuginfo-0:1.8.0-15.0.4.el5.i386.rpm
Red Hat Enterprise Linux	5	ia64	evolution-data-server-debuginfo	0:1.8.0-15.0.4.el5	evolution-data-server-debuginfo-0:1.8.0-15.0.4.el5.ia64.rpm
Red Hat Enterprise Linux	5	ppc	evolution-data-server-debuginfo	0:1.8.0-15.0.4.el5	evolution-data-server-debuginfo-0:1.8.0-15.0.4.el5.ppc.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2007-3257
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2007-3257
cve	www.cve.org/CVERecord

25 Jun 2026 10:33Current

6.2Medium risk

Vulners AI Score6.2

CVSS 26.8

EPSS0.03122

Evolution Data Server camel imap folder remote code execution negative sequence gdata array index