Evolution write_html() format string

evolution-writehtml-format-string (33106) The risk level is classified as HighHigh Risk

Description:

Evolution could allow a remote attacker to execute arbitrary commands on the system, caused by a format string vulnerability in the write_html() function in calendar/gui/e-cal-component-memo-preview.c. An attacker could exploit this vulnerability by sending a specially-crafted shared memo containing format specifiers, which would allow the attacker to execute arbitrary commands or cause the server to crash, if the attacker could convince the victim to open and accept a shared memo.

Platforms Affected:

  • Canonical, Ubuntu 6.06 LTS
  • Canonical, Ubuntu 6.10
  • Debian, Debian Linux 3.1
  • Debian, Debian Linux 4.0
  • Gentoo, Linux
  • MandrakeSoft, Mandrake Linux 2007
  • MandrakeSoft, Mandrake Linux 2007 X86_64
  • Novell, Evolution 2.8.2.1
  • Novell, SUSE Linux Enterprise Server 10
  • RedHat, Enterprise Linux 5 Client Workstation
  • RedHat, Enterprise Linux 5 Client
  • RedHat, Enterprise Linux Optional Productivity Applications 5 Server
  • SuSE, SuSE Linux 10.1
  • SuSE, SuSE Linux

Remedy:

For Ubuntu Linux:
Refer to USN-442-1 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux (evolution):
Refer to MDKSA-2007:070 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux (Evolution):
Refer to GLSA 200706-02 for patch, upgrade, or suggested workaround information. See References.

For Debian/GNU Linux (evolution):
Refer to DSA-1325-1 for patch, upgrade, or suggested workaround information. See References.

For SUSE Linux:
Refer to SUSE-SR:2007:015 for patch, upgrade, or suggested workaround information. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

  • Evolution Web site, Evolution Overview at http://www.gnome.org/projects/evolution/.
  • BID-23073: Gnome Evolution Format String Vulnerability
  • CVE-2007-1002: Format string vulnerability in the write_html function in calendar/gui/e-cal-component-memo-preview.c in Evolution Shared Memo 2.8.2.1, and possibly earlier versions, allows user-assisted remote attackers to execute arbitrary code via format specifiers in the categories of a crafted shared memo.
  • DSA-1325: evolution -- several vulnerabilities
  • FrSIRT/ADV-2007-1058: GNOME Evolution Shared Memo Categories Handling Client-Side Format String Vulnerability
  • GLSA-200706-02: Evolution: User-assisted execution of arbitrary code
  • MDKSA-2007:070: Updated evolution packages to address vulnerability
  • RHSA-2007-0158: Moderate: evolution security update
  • SA24234: Evolution Shared Memo Categories Format String Vulnerability
  • SECTRACK ID: 1017808: GNOME Evolution Shared Memo Format String Bug Lets Remote Users Execute Arbitrary Code
  • SUSE-SR:2007:015: SUSE Security Summary Report
  • USN-442-1: Evolution vulnerability

Reported:

Mar 21, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page