Gnome Evolution Format String Vulnerability
BID:23073
Info
Gnome Evolution Format String Vulnerability
| Bugtraq ID: | 23073 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1002 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2007 12:00AM |
| Updated: | Aug 06 2007 05:44PM |
| Credit: | Ulf Harnhammar of Secunia Research discovered this issue.. |
| Vulnerable: |
Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 SuSE SUSE Linux Enterprise SDK 10 SuSE Linux Enterprise Server 10 SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. openSUSE 10.2 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.1 Redhat Enterprise Linux Optional Productivity Application 5 server Redhat Enterprise Linux Desktop Workstation 5 client Redhat Enterprise Linux Desktop 5 client Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 GNOME Evolution 2.8 GNOME Evolution 2.6.1 GNOME Evolution 2.8.2.1 Gentoo mail-filter/spamassassin 3.1.8 Gentoo mail-client/evolution 0 Foresight Linux Foresight Linux 1.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: | |
Discussion
Gnome Evolution Format String Vulnerability
Gnome Evolution is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier in a shared memo.
A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other versions may also be affected.
Gnome Evolution is prone to a format-string vulnerability.
This issue presents itself because the application fails to properly sanitize user-supplied input before passing it as the format specifier in a shared memo.
A successful attack may crash the application or possibly lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the user running the application.
Gnome Evolution version 2.8.2.1 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Gnome Evolution Format String Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Gnome Evolution Format String Vulnerability
Solution:
The vendor has released fixes to address this issue; please see the reference section for details.
GNOME Evolution 2.6.1
GNOME Evolution 2.8
Solution:
The vendor has released fixes to address this issue; please see the reference section for details.
GNOME Evolution 2.6.1
-
Ubuntu evolution-dbg_2.6.1-0ubuntu7.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_ 2.6.1-0ubuntu7.1_amd64.deb -
Ubuntu evolution-dbg_2.6.1-0ubuntu7.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_ 2.6.1-0ubuntu7.1_i386.deb -
Ubuntu evolution-dbg_2.6.1-0ubuntu7.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_ 2.6.1-0ubuntu7.1_powerpc.deb -
Ubuntu evolution-dbg_2.6.1-0ubuntu7.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dbg_ 2.6.1-0ubuntu7.1_sparc.deb -
Ubuntu evolution-dev_2.6.1-0ubuntu7.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_ 2.6.1-0ubuntu7.1_amd64.deb -
Ubuntu evolution-dev_2.6.1-0ubuntu7.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_ 2.6.1-0ubuntu7.1_i386.deb -
Ubuntu evolution-dev_2.6.1-0ubuntu7.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_ 2.6.1-0ubuntu7.1_powerpc.deb -
Ubuntu evolution-dev_2.6.1-0ubuntu7.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-dev_ 2.6.1-0ubuntu7.1_sparc.deb -
Ubuntu evolution-plugins_2.6.1-0ubuntu7.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plug ins_2.6.1-0ubuntu7.1_amd64.deb -
Ubuntu evolution-plugins_2.6.1-0ubuntu7.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plug ins_2.6.1-0ubuntu7.1_i386.deb -
Ubuntu evolution-plugins_2.6.1-0ubuntu7.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plug ins_2.6.1-0ubuntu7.1_powerpc.deb -
Ubuntu evolution-plugins_2.6.1-0ubuntu7.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution-plug ins_2.6.1-0ubuntu7.1_sparc.deb -
Ubuntu evolution_2.6.1-0ubuntu7.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6. 1-0ubuntu7.1_amd64.deb -
Ubuntu evolution_2.6.1-0ubuntu7.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6. 1-0ubuntu7.1_i386.deb -
Ubuntu evolution_2.6.1-0ubuntu7.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6. 1-0ubuntu7.1_powerpc.deb -
Ubuntu evolution_2.6.1-0ubuntu7.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution_2.6. 1-0ubuntu7.1_sparc.deb
GNOME Evolution 2.8
-
Mandriva evolution-2.8.0-1.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva evolution-2.8.0-1.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva evolution-devel-2.8.0-1.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva evolution-devel-2.8.0-1.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva evolution-mono-2.8.0-1.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva evolution-mono-2.8.0-1.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download -
Mandriva evolution-pilot-2.8.0-1.1mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download -
Mandriva evolution-pilot-2.8.0-1.1mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0/X86_64:
http://www.mandriva.com/en/download
References
Gnome Evolution Format String Vulnerability
References:
References:
- Evolution Shared Memo Categories Format String Vulnerability (Secunia Research
- GNOME Homepage (GNOME)
- Novell Evolution 2 Homepage (Novell )
- RHSA-2007:0158-2 evolution security update (Red Hat)