EUVD-2002-1454

Malware in sbrugna...

Ximian Evolution 1.x UUEncoding Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7118/info A vulnerability has been discovered in the Ximian Evolution Mail User Agent MUA. The problem occurs when the mailer attempts to process a maliciously encoded e-mail message. When attempting to decode the message...

Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7119/info Ximian Evolution does not properly validate MIME image/ Content-Type fields. If an email message contains an image/ Content-Type, any type of data can be embedded where the image information is expected. This ca...

Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow

Binary data 3388.prm...

Ximian Evolution < 2.3.7 Content-Parsing Multiple Vulnerabilities

Binary data 3161.prm...

Ximian Evolution < 2.0.4 Content-Parsing DoS

Binary data 2713.prm...

[Full-Disclosure] Novell/Ximian Evolution multiple text attachments DoS

================== =====Analysis===== ================== I just wanted to inform users of Ximian Evolution 2.0 software that there exists a way to temporarily DoS the local application and/or machine by attaching an absurd amount of .ezm files to a normal email. It seems that Evolution tries to...

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

CVE-2002-1471

The CVE-2002-1471 issue concerns the camel component used by Ximian Evolution 1.0.x and earlier. It does not verify TLS/SSL certificates when establishing a new SSL connection after an initial verification, which could allow remote attackers to perform a man-in-the-middle attack to monitor or mod...

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

Ximian Evolution < 1.2.3 MIME image/* Content-Type Data Injection

Binary data 1308.prm...

Ximian Evolution < 1.2.3 UUEncoding Overflow DoS / Data Injection

Binary data 1307.prm...

Ximian Evolution < 1.1.1 camel Component Man-in-the-Middle SSL Session Weakness

Binary data 1306.prm...

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

DEBIAN-CVE-2002-1471

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack...

CVE-2003-0129

Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service memory consumption via a mail message that is uuencoded multiple times...

CVE-2003-0128

The tryuudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a malicious uuencoded UUE header, possibly triggering a heap-based buffer overflow...

CVE-2003-0129

Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service memory consumption via a mail message that is uuencoded multiple times...

DEBIAN-CVE-2003-0128

The tryuudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a malicious uuencoded UUE header, possibly triggering a heap-based buffer overflow...