Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

From Red Hat Security Advisory 2008:0177 :

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM) tools.

A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4.5 Extended Update Support.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM) tools.

A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.

A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)

Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution.

The updated packages have been patched to correct this issue.

This update of evolution fixes multiple format-string vulnerabilities that can occur while processing encrypted messages. (CVE-2008-0072)

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Evolution is the GNOME collection of personal information management (PIM) tools.

A format string flaw was found in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)

All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue.

Red Hat would like to thank Ulf Harnhammar of Secunia Research for finding and reporting this issue.

Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200803-12 (Evolution: Format string vulnerability)

    Ulf Harnhammar from Secunia Research discovered a format string error     in the emf_multipart_encrypted() function in the file mail/em-format.c     when reading certain data (e.g. the 'Version:' field) from an encrypted     e-mail.
  Impact :

    A remote attacker could entice a user to open a specially crafted     encrypted e-mail, potentially resulting in the execution of arbitrary     code with the privileges of the user running Evolution.
  Workaround :

    There is no known workaround at this time.

Ulf Harnhammar of Secunia Research discovered a format string flaw in the way Evolution displayed encrypted mail content. If a user opened a carefully crafted mail message, arbitrary code could be executed as the user running Evolution. (CVE-2008-0072)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.

ID	Name	Product	Family	Severity
67667	Oracle Linux 4 : evolution (ELSA-2008-0177)	Nessus	Oracle Linux Local Security Checks	medium
63849	RHEL 4 : evolution (RHSA-2008:0178)	Nessus	Red Hat Local Security Checks	medium
60369	Scientific Linux Security Update : evolution on SL4.x, SL5.x i386/x86_64	Nessus	Scientific Linux Local Security Checks	medium
36634	Mandriva Linux Security Advisory : evolution (MDVSA-2008:063)	Nessus	Mandriva Local Security Checks	medium
31454	openSUSE 10 Security Update : evolution (evolution-5087)	Nessus	SuSE Local Security Checks	medium
31453	SuSE 10 Security Update : evolution (ZYPP Patch Number 5086)	Nessus	SuSE Local Security Checks	medium
31424	CentOS 4 / 5 : evolution (CESA-2008:0177)	Nessus	CentOS Local Security Checks	medium
31405	Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : evolution vulnerability (USN-583-1)	Nessus	Ubuntu Local Security Checks	medium
31389	RHEL 4 / 5 : evolution (RHSA-2008:0177)	Nessus	Red Hat Local Security Checks	medium
31387	GLSA-200803-12 : Evolution: Format string vulnerability	Nessus	Gentoo Local Security Checks	medium
31375	Fedora 8 : evolution-2.12.3-3.fc8 (2008-2292)	Nessus	Fedora Local Security Checks	medium
31374	Fedora 7 : evolution-2.10.3-8.fc7 (2008-2290)	Nessus	Fedora Local Security Checks	medium
31359	Debian DSA-1512-1 : evolution - format string attack	Nessus	Debian Local Security Checks	medium

Detections

Analytics

CVE-2008-0072

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium