Bug 233587 (CVE-2007-1002)

Summary: CVE-2007-1002 evolution format string flaw
Product: [Other] Security Response
Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerability
Assignee: Matthew Barnes <mbarnes>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: security-response-team
Keywords: Security
Hardware: All
OS: Linux
URL: http://marc.info/?l=bugtraq&m=117449439201881&w=2
Fixed In Version: evolution-2.8.3-2.fc6
Doc Type: Bug Fix
Last Closed: 2007-04-05 13:03:18 UTC
Bug Depends On: 231478

Description Lubomir Kundrak 2007-03-23 11:27:36 UTC
Affects FC5, FC6

+++ This bug was initially created as a clone of Bug #231478 +++

Ulf Harnhammar, Secunia Research, discovered a format string flaw in the way
evolution displays a memo's categories.  It is possible for an attacker to send
a specially crafted memo mail which could execute arbitrary code as the user
running evolution.  This memo must be accepted from the email, then later viewed
by the victim.  The attack requires a fair amount of user interaction to be
successful.

-- Additional comment from bressers on 2007-03-22 09:38 EST --
This flaw is now public:
http://marc.info/?l=bugtraq&m=117449439201881&w=2

Comment 1 Matthew Barnes 2007-04-05 13:03:18 UTC
Fixed in evolution-2.6.3-2.fc5 and evolution-2.8.3-2.fc6.