The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code.
Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.
From Secunia Advisory SA29057:
A remote, unauthenticated attacker may be able to execute arbitrary code or cause Evolution to crash.
The Evolution team has released a patch to address this issue. See GNOME Bug 520745 for more information. Users and administrators who do not compile Evolution from source should obtain fixed software from their operating system vendor.
This vulnerability was made public by Ulf Harnhammar of Secunia Research.
This document was written by Ryan Giobbi.
|Date First Published:||2008-03-07|
|Date Last Updated:||2008-03-07 14:46 UTC|