SUSE Security Announcement - The Evolution personal information manager is vulnerable to format string bugs in the emf_multipart_encrypted() function that is used to process encrypted messages. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted e-mail.
f0ad4928578b14285535ecc1964dcc56bd9f04a59e5cf840b0a9bb45dca19394Mandriva Linux Security Advisory - Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.
52eda058258bdcb9d43638c57fc974b386b40ef9d7b0bbeae526792bdb969b82Gentoo Linux Security Advisory GLSA 200803-12 - Ulf Harnhammar from Secunia Research discovered a format string error in the emf_multipart_encrypted() function in the file mail/em-format.c when reading certain data (e.g. the Version: field) from an encrypted e-mail. Versions less than 2.12.3-r1 are affected.
33a92899b1ce0b36840cf539ae269f980d49133cc7962c917e2bc7db908681d3Ubuntu Security Notice 583-1 - Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution.
de63b123c9a1cee483e103bd14102f1e7f065f80460804cae7ed3f45460c2dabDebian Security Advisory 1512-1 - Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.
9402a08a62d7316259919341c76df564fda29993750e3ba47d980ceef4d71148
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed