Ximian Evolution camel-lock-helper buffer overflow

evolution-camellockhelper-bo (19031)

High Risk

Description:

Evolution is vulnerable to an integer overflow in the setuid root camel-lock-helper component. A local or remote attacker in control of a malicious POP3 server could supply a specially-crafted value to overflow a buffer and execute arbitrary code on the system with root privileges.

Platforms Affected:

• Canonical, Ubuntu 4.10
• Debian, Debian Linux 3.0
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 10.0 AMD64
• MandrakeSoft, Mandrake Linux 10.0
• MandrakeSoft, Mandrake Linux 10.1 X86_64
• MandrakeSoft, Mandrake Linux 10.1
• MandrakeSoft, Mandrake Linux Corporate Server 3.0
• MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 Desktop
• RedHat, Enterprise Linux 3 WS
• RedHat, Enterprise Linux 4 WS
• RedHat, Enterprise Linux 4 Desktop
• RedHat, Enterprise Linux 4 AS
• RedHat, Enterprise Linux 4 ES
• Ximian, Evolution

Remedy:

Apply the evolution patch, available from the evolution-patches Mailing List posting dated Thu, 20 Jan 2005. See References.

For Ubuntu Linux:
Upgrade to the latest evolution package (2.0.2-0ubuntu2.1or later), as listed in USN-69-1 January 24, 2005. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest version of evolution (1.0.5-1woody2 or later), as listed in DSA-673-1. See References.

For Red Hat Linux:
Refer to RHSA-2005:397-09 or RHSA-2005:238-18 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2005-01-35 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Privileges

References:

• evolution-patches Mailing List, Thu, 20 Jan 2005 13:49:12 +0800, camel lock helper security fix at http://lists.ximian.com/archives/public/evolution-patches/2005-January/008672.html.
• BID-12354: Novell Evolution Camel-Lock-Helper Application Remote Integer Overflow Vulnerability
• CVE-2005-0102: Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
• DSA-673: evolution -- integer overflow
• GLSA-200501-35: Evolution: Integer overflow in camel-lock-helper
• MDKSA-2005:024: Updated evolution packages fix vulnerability
• RHSA-2005-238: evolution security update
• RHSA-2005-397: evolution security update
• SA13830: Evolution camel-lock-helper Integer Overflow Vulnerability
• SECTRACK ID: 1012981: Evolution Integer Overflow in camel-lock-helper May Let Local and Remote Users Execute Arbitrary Code
• SUSE-SR:2005:003: SUSE Security Summary Report
• USN-69-1: Evolution vulnerability

Reported:

Jan 24, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page