Vulnerability Note VU#512491

GNOME Evolution format string vulnerability

Original Release date: 07 Mar 2008 | Last revised: 07 Mar 2008

Overview

The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code.

Description

Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.

From Secunia Advisory SA29057:

    A format string error in the "emf_multipart_encrypted()" function in mail/em-format.c when displaying data (e.g. the "Version:" field) from an encrypted e-mail message can be exploited to execute arbitrary code via a specially crafted e-mail message.

    Successful exploitation requires that the user selects a malicious e-mail message.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code or cause Evolution to crash.

Solution

Upgrade
The Evolution team has released a patch to address this issue. See GNOME Bug 520745 for more information. Users and administrators who do not compile Evolution from source should obtain fixed software from their operating system vendor.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Debian GNU/LinuxAffected-07 Mar 2008
Gentoo LinuxAffected-07 Mar 2008
GNOMEAffected-07 Mar 2008
Red Hat, Inc.Affected-07 Mar 2008
UbuntuAffected-07 Mar 2008
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was made public by Ulf Harnhammar of Secunia Research.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2008-0072
  • Date Public: 05 Mar 2008
  • Date First Published: 07 Mar 2008
  • Date Last Updated: 07 Mar 2008
  • Severity Metric: 1.80
  • Document Revision: 19

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.