Executive Summary
Summary | |
---|---|
Title | New evolution packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1325 | First vendor Publication | 2007-06-29 |
Vendor | Debian | Last vendor Modification | 2007-06-29 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1002 Ulf Harnhammer discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. CVE-2007-3257 It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code. For the oldstable distribution (sarge) these problems have been fixed in version 2.0.4-2sarge2. Packages for hppa, mips and powerpc are not yet available. They will be provided later. For the stable distribution (etch) these problems have been fixed in version 2.6.3-6etch1. Packages for mips are not yet available. They will be provided later. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your evolution packages. |
Original Source
Url : http://www.debian.org/security/2007/dsa-1325 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10100 | |||
Oval ID: | oval:org.mitre.oval:def:10100 | ||
Title: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Description: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1002 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11724 | |||
Oval ID: | oval:org.mitre.oval:def:11724 | ||
Title: | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | ||
Description: | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3257 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20375 | |||
Oval ID: | oval:org.mitre.oval:def:20375 | ||
Title: | DSA-1325-1 evolution | ||
Description: | Several remote vulnerabilities have been discovered in Evolution, a groupware suite with mail client and organizer. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1325-1 CVE-2007-1002 CVE-2007-3257 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | evolution |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20496 | |||
Oval ID: | oval:org.mitre.oval:def:20496 | ||
Title: | DSA-1321-1 evolution-data-server | ||
Description: | It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1321-1 CVE-2007-3257 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | evolution-data-server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21824 | |||
Oval ID: | oval:org.mitre.oval:def:21824 | ||
Title: | ELSA-2007:0158: evolution security update (Moderate) | ||
Description: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0158-01 CVE-2007-1002 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | evolution |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22024 | |||
Oval ID: | oval:org.mitre.oval:def:22024 | ||
Title: | ELSA-2007:0510: evolution-data-server security update (Important) | ||
Description: | Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0510-01 CVE-2007-3257 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | evolution-data-server |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for evolution MDKSA-2007:070 (evolution) File : nvt/gb_mandriva_MDKSA_2007_070.nasl |
2009-04-09 | Name : Mandriva Update for evolution MDKSA-2007:136 (evolution) File : nvt/gb_mandriva_MDKSA_2007_136.nasl |
2009-03-23 | Name : Ubuntu Update for evolution vulnerability USN-442-1 File : nvt/gb_ubuntu_USN_442_1.nasl |
2009-03-23 | Name : Ubuntu Update for evolution-data-server vulnerability USN-475-1 File : nvt/gb_ubuntu_USN_475_1.nasl |
2009-02-27 | Name : Fedora Update for evolution FEDORA-2007-393 File : nvt/gb_fedora_2007_393_evolution_fc6.nasl |
2009-02-27 | Name : Fedora Update for evolution FEDORA-2007-404 File : nvt/gb_fedora_2007_404_evolution_fc5.nasl |
2009-01-28 | Name : SuSE Update for evolution,evolution-data-server SUSE-SA:2007:042 File : nvt/gb_suse_2007_042.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-02 (evolution) File : nvt/glsa_200706_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200707-03 (evolution-data-server) File : nvt/glsa_200707_03.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-04 (evolution-data-server) File : nvt/glsa_200711_04.nasl |
2008-09-04 | Name : FreeBSD Ports: evolution-data-server File : nvt/freebsd_evolution-data-server.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1321-1 (evolution-data-server) File : nvt/deb_1321_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1325-1 (evolution) File : nvt/deb_1325_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
37489 | Evolution Data Server Camel (camel-imap-folder.c) Mail Component IMAP GData S... |
34345 | Evolution Shared Memo e-cal-component-memo-preview.c write_html Function Form... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0510.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0509.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070625_evolution_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070625_evolution_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_evolution-data-server-3826.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-475-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-442-1.nasl - Type : ACT_GATHER_INFO |
2007-11-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-04.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_evolution-3960.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_evolution-data-server-3825.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1325.nasl - Type : ACT_GATHER_INFO |
2007-07-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200707-03.nasl - Type : ACT_GATHER_INFO |
2007-06-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1321.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-136.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0509.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0510.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b1b5c125230811dcb91a001921ab2fa4.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0510.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0509.nasl - Type : ACT_GATHER_INFO |
2007-06-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-02.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0158.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-070.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:26:45 |
|