Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Evolution | Gnome | 1.5 (including) | 1.5 (including) |
| Evolution | Gnome | 2.0 (including) | 2.0 (including) |
| Evolution | Gnome | 2.1 (including) | 2.1 (including) |
| Evolution | Gnome | 2.2 (including) | 2.2 (including) |
| Evolution | Gnome | 2.3.1 (including) | 2.3.1 (including) |
| Evolution | Gnome | 2.3.2 (including) | 2.3.2 (including) |
| Evolution | Gnome | 2.3.3 (including) | 2.3.3 (including) |
| Evolution | Gnome | 2.3.4 (including) | 2.3.4 (including) |
| Evolution | Gnome | 2.3.5 (including) | 2.3.5 (including) |
| Evolution | Gnome | 2.3.6.1 (including) | 2.3.6.1 (including) |
| Red Hat Enterprise Linux 3 | RedHat | evolution-0:1.4.5-16 | * |
| Red Hat Enterprise Linux 4 | RedHat | evolution-0:2.0.2-16.3 | * |
References
- http://marc.info/?l=full-disclosure\u0026m=112368237712032\u0026w=2
- http://secunia.com/advisories/16394
- http://secunia.com/advisories/19380
- http://www.debian.org/security/2006/dsa-1016
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
- http://www.novell.com/linux/security/advisories/2005_54_evolution.html
- http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2005-267.html
- http://www.securityfocus.com/archive/1/407789
- http://www.securityfocus.com/bid/14532
- http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553
- https://usn.ubuntu.com/166-1/
- http://marc.info/?l=full-disclosure\u0026m=112368237712032\u0026w=2
- http://secunia.com/advisories/16394
- http://secunia.com/advisories/19380
- http://www.debian.org/security/2006/dsa-1016
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
- http://www.novell.com/linux/security/advisories/2005_54_evolution.html
- http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2005-267.html
- http://www.securityfocus.com/archive/1/407789
- http://www.securityfocus.com/bid/14532
- http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553
- https://usn.ubuntu.com/166-1/