Vulnerabilities > CVE-2005-2549 - Format String vulnerability in GNOME Evolution
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2005-743.NASL description Fix for SITIC Vulnerability Advisory SA05-001 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 19437 published 2005-08-18 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19437 title Fedora Core 4 : evolution-2.2.3-2.fc4 (2005-743) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-743. # include("compat.inc"); if (description) { script_id(19437); script_version ("1.12"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_cve_id("CVE-2005-2549", "CVE-2005-2550"); script_xref(name:"FEDORA", value:"2005-743"); script_name(english:"Fedora Core 4 : evolution-2.2.3-2.fc4 (2005-743)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for SITIC Vulnerability Advisory SA05-001 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-August/001215.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?715604a2" ); script_set_attribute( attribute:"solution", value: "Update the affected evolution, evolution-debuginfo and / or evolution-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evolution"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evolution-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:evolution-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/08/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC4", reference:"evolution-2.2.3-2.fc4")) flag++; if (rpm_check(release:"FC4", reference:"evolution-debuginfo-2.2.3-2.fc4")) flag++; if (rpm_check(release:"FC4", reference:"evolution-devel-2.2.3-2.fc4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "evolution / evolution-debuginfo / evolution-devel"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1016.NASL description Ulf Harnhammar discovered several format string vulnerabilities in Evolution, a free groupware suite, that could lead to crashes of the application or the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22558 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22558 title Debian DSA-1016-1 : evolution - format string vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-141.NASL description Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. (CVE-2005-2549) A format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not properly handled when the user selects the Calendars tab. (CVE-2005-2550) last seen 2020-06-01 modified 2020-06-02 plugin id 19898 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19898 title Mandrake Linux Security Advisory : evolution (MDKSA-2005:141) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-267.NASL description Updated evolution packages that fix a format string issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in Evolution. If a user tries to save a carefully crafted meeting or appointment, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2550 to this issue. Additionally, several other format string bugs were found in Evolution. If a user views a malicious vCard, connects to a malicious LDAP server, or displays a task list from a malicious remote server, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2549 to this issue. Please note that this issue only affects Red Hat Enterprise Linux 4. All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21922 published 2006-07-05 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21922 title CentOS 3 / 4 : Evolution (CESA-2005:267) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200508-12.NASL description The remote host is affected by the vulnerability described in GLSA-200508-12 (Evolution: Format string vulnerabilities) Ulf Harnhammar discovered that Evolution is vulnerable to format string bugs when viewing attached vCards and when displaying contact information from remote LDAP servers or task list data from remote servers (CAN-2005-2549). He also discovered that Evolution fails to handle special calendar entries if the user switches to the Calendars tab (CAN-2005-2550). Impact : An attacker could attach specially crafted vCards to emails or setup malicious LDAP servers or calendar entries which would trigger the format string vulnerabilities when viewed or accessed from Evolution. This could potentially result in the execution of arbitrary code with the rights of the user running Evolution. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 19485 published 2005-08-23 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19485 title GLSA-200508-12 : Evolution: Format string vulnerabilities NASL family SuSE Local Security Checks NASL id SUSE_SA_2005_054.NASL description The remote host is missing the patch for the advisory SUSE-SA:2005:054 (evolution). Several format string bugs allowed remote attackers to cause evolution to crash or even execute code via full vCard data, contact data from remote LDAP servers, task list data from remote servers (CVE-2005-2549) or calendar entries (CVE-2005-2550). last seen 2019-10-28 modified 2005-10-05 plugin id 19933 published 2005-10-05 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/19933 title SUSE-SA:2005:054: evolution NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-267.NASL description Updated evolution packages that fix a format string issue are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management (PIM) tools. A format string bug was found in Evolution. If a user tries to save a carefully crafted meeting or appointment, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2550 to this issue. Additionally, several other format string bugs were found in Evolution. If a user views a malicious vCard, connects to a malicious LDAP server, or displays a task list from a malicious remote server, arbitrary code may be executed as the user running Evolution. The Common Vulnerabilities and Exposures project has assigned the name CVE-2005-2549 to this issue. Please note that this issue only affects Red Hat Enterprise Linux 4. All users of Evolution should upgrade to these updated packages, which contain a backported patch which resolves this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 19542 published 2005-08-30 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19542 title RHEL 3 / 4 : Evolution (RHSA-2005:267) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_E5AFDF63174611DA978E0001020EED82.NASL description A SITIC Vulnerability Advisory reports : Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code. - The first format string bug occurs when viewing the full vCard data attached to an e-mail message. - The second format string bug occurs when displaying contact data from remote LDAP servers. - The third format string bug occurs when displaying task list data from remote servers. - The fourth, and least serious, format string bug occurs when the user goes to the Calendars tab to save task list data that is vulnerable to problem 3 above. Other calendar entries that do not come from task lists are also affected. last seen 2020-06-01 modified 2020-06-02 plugin id 21526 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21526 title FreeBSD : evolution -- remote format string vulnerabilities (e5afdf63-1746-11da-978e-0001020eed82)
Oval
| accepted | 2013-04-29T04:20:12.531-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9553 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://marc.info/?l=full-disclosure&m=112368237712032&w=2
- http://secunia.com/advisories/16394
- http://secunia.com/advisories/19380
- http://www.debian.org/security/2006/dsa-1016
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:141
- http://www.novell.com/linux/security/advisories/2005_54_evolution.html
- http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html
- http://www.redhat.com/support/errata/RHSA-2005-267.html
- http://www.securityfocus.com/archive/1/407789
- http://www.securityfocus.com/bid/14532
- http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553
- https://usn.ubuntu.com/166-1/