Bug 183680 (CVE-2006-0040)
Summary: | CVE-2006-0040 DoS from large email | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dave Malcolm <dmalcolm> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bressers, jlieskov, mbarnes, mcrha, peterm, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-17 15:08:36 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 235705 |
Description
Dave Malcolm
2006-03-02 19:32:03 UTC
Have we looked at this at all? No response from upstream either. I guess evolution is no longer maintained. Can we please drop it for RHEL5 and ship something else ? For what it's worth, I filed a bug upstream which has gotten little attention: http://bugzilla.gnome.org/show_bug.cgi?id=337439 Should this be assigned to mbarnes ? It seems there's finally some movement on this upstream, though it's more of a workaround in Evolution than a direct fix for GtkHtml. See http://bugzilla.gnome.org/show_bug.cgi?id=33743 I'll get the patch into Rawhide for testing. Sorry, the link was supposed to be: http://bugzilla.gnome.org/show_bug.cgi?id=337439#c9 Progress and a beginning but not a useful one. The perfect variant of this attack can screw you totally in a good deal under 4MB of input. Alan Moving this to F9Target. Final Freeze is in effect now. Security fixes almost certainly warrant a freeze break, so in case you build a fix for this, mail release engineering as described here: [2] [1] https://www.redhat.com/archives/fedora-devel-announce/2008-April/msg00007.html [2] http://fedoraproject.org/wiki/ReleaseEngineering/FinalFreezePolicy Thanks! I think at this point the solution is to drop GtkHTML entirely and move Evolution over to WebKit/GTK+. I've already started working on this and am hoping it will happen this year, at least for /viewing/ emails. Editing is another story. Common Vulnerabilities and Exposures assigned an identifier CVE-2006-0040 to the following vulnerability: GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0040 http://www.securityfocus.com/archive/1/archive/1/426452/100/0/threaded http://www.securityfocus.com/bid/16899 http://www.frsirt.com/english/advisories/2006/0801 http://secunia.com/advisories/19094 http://xforce.iss.net/xforce/xfdb/25050 I imagine that somewhere in the last 5 years, between Fedora 9 and current Fedora, this has been fixed. As it did not affect RHEL5, and will not be fixed in RHEL4, I'm closing this bug. |