[UNIX] Evolution Shared Memo Categories Format String Vulnerability
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 26 Mar 2007 15:06:33 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Evolution Shared Memo Categories Format String Vulnerability
------------------------------------------------------------------------
SUMMARY
" <http://www.gnome.org/projects/evolution/> Evolution provides integrated
mail, addressbook and calendaring functionality to users of the GNOME
desktop". Secunia Research has discovered a vulnerability in Evolution,
which can be exploited by malicious people to potentially compromise a
vulnerable system.
DETAILS
Vulnerable Systems:
* Evolution version 2.8.2.1
A format string error in the "write_html()" function in
calendar/gui/e-cal-component-memo-preview.c when displaying a memo's
categories can potentially be exploited to execute arbitrary code via a
specially crafted shared memo containing format specifiers.
Successful exploitation requires that the user opens a shared memo in
their mailbox, clicks on "Accept", and views the memo under the "Memo"
tab.
NOTE: The categories are not displayed in the mailbox view of a shared
memo.
Time Table:
01/03/2007 - Vendor notified (Red Hat and the vendor-sec list).
03/03/2007 - Vendor response.
21/03/2007 - Public disclosure.
ADDITIONAL INFORMATION
The information has been provided by Ulf Harnhammar, Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2007-44/>
http://secunia.com/secunia_research/2007-44/
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Microsoft Windows Ndistapi.sys IRQL Escalation
- Next by Date: [UNIX] XMMS Integer Overflow and Underflow Vulnerabilities
- Previous by thread: [NT] Microsoft Windows Ndistapi.sys IRQL Escalation
- Next by thread: [UNIX] XMMS Integer Overflow and Underflow Vulnerabilities
- Index(es):
Relevant Pages
- [UNIX] MPlayer MMST and Real RTSP Multiple Heap Overflows
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The second vulnerability is due
to a heap overflow ... which may be exploited via a malicious server to ...
cause a denial of service and potentially compromise a vulnerable system. ... (Securiteam) - [EXPL] FRB Remote Command Execution (Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... attackers to execute arbitrary
code on the vulnerable system, ... print $sock "Host: $host\n"; ... (Securiteam) - [UNIX] Mathopd Insecure Dump File Creation
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Mathopd supports useful
features of HTTP/1.1, ... vulnerable system. ... the system with the privileges
of the user running Mathopd. ... (Securiteam) - [NT] AVIRA Antivirus ACE Archive Handling Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... compromise a vulnerable system.
... Successful exploitation allows arbitrary code execution, ... The vendor
has issue the following statement: ... (Securiteam) - [NT] HAURI Anti-Virus ALZ Archive Handling Buffer Overflow
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... compromise a vulnerable system.
... * HAURI LiveCall ... ViRobot Expert 4.0 / ViRobot Advanced Server: ...
(Securiteam)
