CVE-2008-1109

Related Files

Gentoo Linux Security Advisory 200806-6

Posted Jun 17, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200806-06 - Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. Versions less than 2.12.3-r2 are affected.

tags | advisory, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2008-1108, CVE-2008-1109

SHA-256 | 135bb9ab1de2bc1017950f49502b4412aa54667992de860daf652fbb6c710f11

Download | Favorite | View

Mandriva Linux Security Advisory 2008-111

Posted Jun 11, 2008

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled.

tags | advisory, denial of service, arbitrary

systems | linux, mandriva

advisories | CVE-2008-1108, CVE-2008-1109

SHA-256 | c8887f2382bbf2f38ca613a39ff385f4667c6d738032adf9747301ae840ae724

Download | Favorite | View

Ubuntu Security Notice 615-1

Posted Jun 6, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 615-1 - Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or possibly execute code with user privileges. Note that the ITip Formatter plugin is enabled by default in Ubuntu. Alin Rad Pop of Secunia Research discovered that Evolution did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker code cause a denial of service or execute code with user privileges. Matej Cepl discovered that Evolution did not properly validate date fields when processing iCalendar attachments. If a user disabled the ITip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service. Note that the ITip Formatter plugin is enabled by default in Ubuntu.

tags | advisory, denial of service

systems | linux, ubuntu

advisories | CVE-2008-1108, CVE-2008-1109

SHA-256 | 193a2293c57e306c6e96a9d6f95e6c78b667727a51dc2eba5e75442bdf6761aa

Download | Favorite | View