Executive Summary
Summary | |
---|---|
Title | evolution security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:0158 | First vendor Publication | 2007-05-03 |
Vendor | RedHat | Last vendor Modification | 2007-05-03 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 RHEL Desktop Workstation (v. 5 client) - i386, x86_64 RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64 3. Problem description: Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in the way Evolution parsed the category field in a memo. If a user tried to save and then view a carefully crafted memo, arbitrary code may be executed as the user running Evolution. (CVE-2007-1002) This flaw did not affect the versions of Evolution shipped with Red Hat Enterprise Linux 2.1, 3, or 4. All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. Red Hat would like to thank Ulf Härnhammar of Secunia Research for reporting this issue. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 231478 - CVE-2007-1002 evolution format string flaw |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-0158.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10100 | |||
Oval ID: | oval:org.mitre.oval:def:10100 | ||
Title: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Description: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-1002 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21824 | |||
Oval ID: | oval:org.mitre.oval:def:21824 | ||
Title: | ELSA-2007:0158: evolution security update (Moderate) | ||
Description: | Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0158-01 CVE-2007-1002 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | evolution |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-09 | Name : Mandriva Update for evolution MDKSA-2007:070 (evolution) File : nvt/gb_mandriva_MDKSA_2007_070.nasl |
2009-03-23 | Name : Ubuntu Update for evolution vulnerability USN-442-1 File : nvt/gb_ubuntu_USN_442_1.nasl |
2009-02-27 | Name : Fedora Update for evolution FEDORA-2007-393 File : nvt/gb_fedora_2007_393_evolution_fc6.nasl |
2009-02-27 | Name : Fedora Update for evolution FEDORA-2007-404 File : nvt/gb_fedora_2007_404_evolution_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200706-02 (evolution) File : nvt/glsa_200706_02.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1325-1 (evolution) File : nvt/deb_1325_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
34345 | Evolution Shared Memo e-cal-component-memo-preview.c write_html Function Form... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-442-1.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_evolution-3960.nasl - Type : ACT_GATHER_INFO |
2007-07-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1325.nasl - Type : ACT_GATHER_INFO |
2007-06-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200706-02.nasl - Type : ACT_GATHER_INFO |
2007-05-25 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0158.nasl - Type : ACT_GATHER_INFO |
2007-04-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-070.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:33 |
|