Executive Summary
Summary | |
---|---|
Title | evolution-data-server vulnerability |
Information | |||
---|---|---|---|
Name | USN-733-1 | First vendor Publication | 2009-03-16 |
Vendor | Ubuntu | Last vendor Modification | 2009-03-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 7.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 7.10:

After a standard system upgrade you need to restart Evolution to effect the necessary changes.

Details follow:

It was discovered that the Base64 encoding functions in evolution-data-server did not properly handle large strings. If a user were tricked into opening a specially crafted image file, or tricked into connecting to a malicious server, an attacker could possibly execute arbitrary code with user privileges.
Original Source
Url : http://www.ubuntu.com/usn/USN-733-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11385 | |||
Oval ID: | oval:org.mitre.oval:def:11385 | ||
Title: | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | ||
Description: | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0587 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4, Red Hat Enterprise Linux 5, CentOS Linux 5, Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:21826 | |||
Oval ID: | oval:org.mitre.oval:def:21826 | ||
Title: | ELSA-2009:0354: evolution-data-server security update (Moderate) | ||
Description: | Multiple integer overflows in Evolution Data Server (aka evolution-data-server) before 2.24.5 allow context-dependent attackers to execute arbitrary code via a long string that is converted to a base64 representation in (1) addressbook/libebook/e-vcard.c in evc or (2) camel/camel-mime-utils.c in libcamel. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0354-01, CVE-2009-0547, CVE-2009-0582, CVE-2009-0587 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | evolution28-evolution-data-server, evolution-data-server |
Definition Id: oval:org.mitre.oval:def:28741 | |||
Oval ID: | oval:org.mitre.oval:def:28741 | ||
Title: | RHSA-2009:0354 -- evolution-data-server security update (Moderate) | ||
Description: | Updated evolution-data-server and evolution28-evolution-data-server packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution Data Server provides a unified back-end for applications which interact with contacts, task, and calendar information. Evolution Data Server was originally developed as a back-end for Evolution, but is now used by multiple other applications. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0354, CVE-2009-0547, CVE-2009-0582, CVE-2009-0587 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 4 | Product(s): | evolution28-evolution-data-server, evolution-data-server |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for evolution28-evolution-data-server CESA-2009:0354 centos4 i386 File : nvt/gb_CESA-2009_0354_evolution28-evolution-data-server_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for evolution CESA-2009:0355 centos4 i386 File : nvt/gb_CESA-2009_0355_evolution_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for evolution CESA-2009:0358 centos3 i386 File : nvt/gb_CESA-2009_0358_evolution_centos3_i386.nasl |
2009-06-09 | Name : Debian Security Advisory DSA 1813-1 (evolution-data-server) File : nvt/deb_1813_1.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0354 (evolution-data-server) File : nvt/ovcesa2009_0354.nasl |
2009-05-25 | Name : CentOS Security Advisory CESA-2009:0355 (evolution-data-server) File : nvt/ovcesa2009_0355.nasl |
2009-03-31 | Name : Mandrake Security Advisory MDVSA-2009:078 (evolution-data-server) File : nvt/mdksa_2009_078.nasl |
2009-03-20 | Name : RedHat Security Advisory RHSA-2009:0354 File : nvt/RHSA_2009_0354.nasl |
2009-03-20 | Name : RedHat Security Advisory RHSA-2009:0355 File : nvt/RHSA_2009_0355.nasl |
2009-03-20 | Name : RedHat Security Advisory RHSA-2009:0358 File : nvt/RHSA_2009_0358.nasl |
2009-03-20 | Name : CentOS Security Advisory CESA-2009:0358 (evolution) File : nvt/ovcesa2009_0358.nasl |
2009-03-20 | Name : Ubuntu USN-733-1 (evolution-data-server) File : nvt/ubuntu_733_1.nasl |
2009-03-20 | Name : Ubuntu USN-734-1 (ffmpeg-debian) File : nvt/ubuntu_734_1.nasl |
2009-03-18 | Name : Evolution Data Server Multiple Integer Overflow Vulnerabilities File : nvt/gb_evolution_data_server_mult_int_overflow_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52703 | Evolution Data Server libcamel camel/camel-mime-utils.c Base64 String Handlin... |
52702 | Evolution Data Server evc addressbook/libebook/e-vcard.c Base64 String Handli... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0354.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0355.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-0358.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090316_evolution_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090316_evolution_data_server_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090316_evolution_and_evolution_data_server_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evolution-data-server-7029.nasl - Type : ACT_GATHER_INFO |
2010-03-11 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_evolution-data-server-100208.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1813.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0355.nasl - Type : ACT_GATHER_INFO |
2009-05-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0354.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-733-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-078.nasl - Type : ACT_GATHER_INFO |
2009-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0358.nasl - Type : ACT_GATHER_INFO |
2009-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0355.nasl - Type : ACT_GATHER_INFO |
2009-03-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0354.nasl - Type : ACT_GATHER_INFO |
2009-03-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-0358.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:05:45 |